A new study from the Digital Forensics Association, called The Leaking Vault 2011, covers 3,765 publicly disclosed data breach incidents over the past six years.  The estimated cost of these data breaches totaled more than $156 Billion.  “Hacking” exposed the largest number of records, while “Drive/Media” exposures were the second leading cause.

The study also shows the breakdown of incidents among business, education, government and medical sectors.  It clearly shows that data breaches can happen to a wide variety of institutions, not just those that handle “classified” information.  State data breach laws and industry regulations like HIPAA have increased the spotlight on data security outside of traditional national security organizations.  In fact, medical data breaches were the fastest growing segment from 2005-2010.

Read the full report for conclusions and recommendations.

Data Security, Financial, Government, Healthcare, Malware, Portable Storage

Stop by LandWarNet 2011, August 23-25, at the Tampa Convention Center, booth # 1617,  to visit Kanguru and learn about our current solutions.

We will be showcasing the RocIT Defender Elite - our bootable, virtual PC on a flash drive, Hard Drive Duplicators and more.

Events, Government

In a July 15 memo to all Federal Agencies, OMB Director Jack Lew sent a reminder that Telework solutions must comply with security guidelines and protect sensitive government information.  Federal Computer Week highlights a few of the requirements, including data security and  protection from systems that are not under direct agency control.

The Telework initiative is meant to improve worker productivity, while reducing government overhead and costs.  It also adds business continuity in the event of an emergency or other event when employees can not reach the office.  The downside is that Administrators lose some control over the hardware and software being used by their workers.  Fears about security have resulted in slower than expected implementation of Telework policies.

To meet these security requirements, Kanguru and Absolute ID have designed the RocIT Defender Elite “Virtual System on a Stick” to enable Telework while still maintaining control over hardware and software.  The device is a bootable, encrypted USB flash drive that launches a secure virtual OS completely isolated from the host system.  The Administrator can lock down the OS and application settings with a golden image, and monitor the devices remotely using Kanguru Remote Management Console.  All data is hardware encrypted with FIPS 140-2 certified cryptography.  Contact Kanguru for more info on how RocIT Defender Elite can meet your Telework challenges.

Data Security, Government

US Government technology professionals are invited to visit Kanguru at FOSE 2011 next week at the Washington Convention Center (Booth # 800).  Come learn more about the Kanguru RocIT Defender Elite - our bootable, virtual PC on a flash drive.  The device features FIPS 140-2 encryption and DoD-tested virtual runtime environment.

We’ll also be displaying our Hard Drive, DVD and USB Duplication Equipment, as well as our next generation Secure USB storage products.  While you’re there, join our email list and receive a FOSE discount.

Register for an Expo Pass here.

Events, Government

A great little story came out a couple of weeks ago regarding the Federal Information Processing Standards (FIPS) Validation process which definitely bears repeating.  In the article, the author compares not using FIPS Validated cryptography to “opening a savings account at a bank without the FDIC’s $250K-per-account guarantee. You could do it, and it might work, but why take the risk when a safer option is available for no extra charge?” Read more…

Data Security, Government

USB Flash drives: Petite, portable storage devices capable of storing gigabytes of data.  They’ve revolutionized the business world with their convenience and portability; however, there is a darker side to the revered little flash drive.

Their tiny size often makes them easy to lose and their storage capacity allows huge amounts of potentially sensitive data to be stored on them. If lost or stolen a single, tiny, insecure flash drive has the potential to cause a massive data breach.

As state, federal and business regulations tighten on information security and impose fines and sanctions for data breaches, the question arises:  Should flash drives be banned from work environments, as the Department of Defense did in the fall of 2008[i]?  Or can they be used in a safe manner without limiting the very attributes that make them so popular?

The answer to this will vary greatly depending on your organizational policies and security standards; however, there are options for using flash drives securely.

A good starting point is encrypted flash drives.  While encryption is important, there are many more factors to take into consideration in the overall security of flash drives.

In order to cover some of the new security developments surrounding flash drives and to figure out the best solutions for your needs I’ve come up with 11 basic questions to ask when buying a secure flash drive.

Question #1: What is the overall level of security and has it been certified by an independent, accredited entity?

Why it is important: Generally, the higher the encryption level (128-bit, 256-bit), the more difficult it is for a hacker to break.  However, it is also very important that the device be tested for other relevant factors such as encryption tunnels, a true random number generator, physical security features, hashing, and the security of the device’s firmware. Read more…

Data Security, Financial, Government, Healthcare, Malware

10% of Online Sales to Benefit Fisher House

In light of the recent successes of our Special Operations and Intelligence Services, and to honor our veterans who have sacrificed so much for the good of our country, Kanguru will be donating 10% of every online order placed this week to the Fisher House. (http://www.fisherhouse.org/)   This includes ALL products!  Flash drives, hard drives, duplicators and more.

About Fisher House:
“The Fisher House program is a unique private-public partnership that supports America’s military in their time of need. The program recognizes the special sacrifices of our men and women in uniform and the hardships of military service by meeting a humanitarian need beyond that normally provided by the Departments of Defense and Veterans Affairs.”

“Because members of the military and their families are stationed worldwide and must often travel great distances for specialized medical care, Fisher House Foundation donates “comfort homes,” built on the grounds of major military and VA medical centers. These homes enable family members to be close to a loved one at the most stressful times - during the hospitalization for an unexpected illness, disease, or injury.”

Details:

When: 5/2/2011 – 5/9/2011
Where: Kanguru’s Online Store
How Much: 10% of each sale

Remember freedom isn’t free.  Thank a soldier today!

Government, Portable Storage

Don’t let an unsecure flash drive cause business disruption, productivity loss, revenue loss, and fines.

Recent events in the news have demonstrated the ease with which portable devices can be used to steal confidential data.

Avoid your own personal Wikileaks by securing your USB flash drives.  Kanguru’s secure flash drives and remote management capabilities provide excellent protection against data leaks.

The Kanguru Defender Elite coupled with Kanguru Remote Management Console (KRMC) give CIO’s and CISO’s an unprecedented level of control over their flash drives.  Data breaches can be prevented with features such as:

Remote Disable/Delete - Remotely disable or delete devices compromised by rogue employees to protect sensitive information and prevent data breaches.

Domain/IP Control - Restrict drive usage to approved domains & IP ranges and prevent unauthorized use in external networks.

Offline Restrictions - Control whether devices can be used offline. Prevent unauthorized use in external networks.

Auditing and Reporting - KRMC enforces a full audit trail with detailed graphical reporting and the ability to export both customizable audit logs and graphs for external analysis to ensure proper compliance.

Data Security, Financial, Government, Portable Storage

Many organizations are looking for new ways to increase the productivity of offsite users.  This no longer includes just the field team, but is now including more general employees who can be enabled to work from home.  The US Government is extending its Telework policy with this sort of flexible arrangement in mind.

Security and managability are key issues to consider in a Telework policy.  Kanguru and Absolute ID have designed the RocIT Defender virtual platform with these priorities in mind.

1. Secure, Portable Operating System on a hardware encrypted flash drive.  (FIPS 140-2 version available)

2. Not vulnerable to infection by malware and viruses on untrusted machines. Device can bypass all of this!

3. Can be remotely managed: delete lost or stolen drives, update files on device, etc.

4. Lower total cost of ownership with stronger security than notebook and tablet computers.

Find out more about the RocIT Defender “PC on a Stick” at our website.

Data Security, Government

UPI is reporting on a story from South Korea’s Yonhap News Agency, which has all the ingredients of a great mystery plot:  Secret battle plans, a missing USB flash drive and a potential cover-up.

“The military unit, the DSC and ministry of defense were all informed of the case but never took action,” a source said in the Yonhap report. “It (the drive) contains confidential information on national security, but nobody knows where it is.”

The story lacks detail, but it’s not a stretch to believe that a large organization has know idea where it’s IT assets are.  This is a common problem.

Kanguru’s Remote Management Console solves this issue for USB flash drives.  Administrators can view exactly when and where each device is being used.  The moment that a drive is reported missing, an automatic delete or disable command can be issued from the console.

Data Security, Government, Portable Storage