The UK Treasury Solicitor’s Department has published a new document that outlines security requirements for Counsel and Barristers. The TSol guidance document (PDF) recommends using only FIPS 140-2 validated encryption products, and provides tips for choosing an encryption vendor.
FIPS 140-2 validation is a comprehensive process that requires testing by an accredited security lab. Kanguru has now completed FIPS 140-2 certification with three generations of Secure USB Flash Drives: Kanguru MicroDrive AES, Kanguru Bio AES, and the new Kanguru Defender Elite, which is compatible with Mac and Windows, as well as Ubuntu and Red Hat Linux.
Data Security, Government, Portable Storage
Kanguru is proud to announce that the Kanguru Defender Elite encrypted USB flash drive has received FIPS 140-2 certification from the US and Canadian Governments. This hardware encrypted device meets Level 2 security requirements, which validates its use for protecting sensitive government information. Defender Elite also meets Level 3 requirements in several key security catagories. The FIPS 140-2 standard is recognized internationally and by a number of other industry regulations, including HIPAA (PDF) for Healthcare.
Check out our website for more product details, and read our previous post about remote management.
Data Security, Government, Portable Storage
In early 2009 the National Archives announced that it had lost a 1TB portable hard drive containing sensitive information from the Clinton Administration. Since none of the data was encrypted, the social security numbers and other personal data could easily be used to commit fraud. NARA had no remote management capabilities for the device, so there was really no way for them to track down the drive short of offering a substantial reward. Now they have announced exactly that - Federal Office Offers $50,000 Reward for Missing External Drive.
Upgrading hard drives and flash drives to encypted models with remote management capabilities would have cost less than $50,000 plus credit monitoring costs. Public and private companies can face even bigger costs than NARA when it comes to a data breach.
Data Security, Government, Portable Storage
Kanguru has partnered with Appspeed Distribution to increase the availability of Kanguru secure memory sticks in the United Kingdom. Kanguru Defender Elite can now be purchased by both Private and Public Sector users at Probrand’s IT Index.
“An outbreak of data breaches in the UK has made encryption a high priority” commented Grahame Smee, Managing Director of AppSpeed Distribution. “Kanguru Solutions’ highly secure storage devices and remote management console help businesses and government agencies combat the increasing data breach problem.”
Defender Elite is in the final stages of FIPS 140-2 certification (Level 2). FIPS 140-2 is a US and Canadian security standard, which is also recommended by the UK Government Cabinet Office. Their new arrangements for data handling procedures (PDF) specify that
removable media should be encrypted to a standard of at least FIPS 140-2 or equivalent in addition to being protected by a authentication mechanism, such as a password
To add to the confusion, some vendors in the UK are advertising FIPS 197 validation. FIPS 197 only examines one component of the overall security system, and does not account for important considerations like authentication methods, random number generation, hashing and brute-force protections. FIPS 140-2 covers a much wider range of requirements and should be considered the minimum standard.
Data Security, Government, Portable Storage
The latest issue of State Tech Magazine highlights a great feature of the Kanguru Defender and Defender Elite - the ability to track and manage USB drives in the field.
One feature of the Kanguru Defender drives that Conover appreciates is the ability to remotely set a password and wipe the drive clean if necessary. The agency has about 12 offices throughout the state, many of which are several hours away from headquarters in Albany.
For more info, view our Flash Presentation or contact your account manager at one of our authorized solution providers.
Government, Portable Storage
Recently there have been a lot of stories involving the security flaws of some high profile encrypted flash drives. Some follow up articles have claimed the initial news to be nothing more than FUD (Fear, Uncertainty, Doubt) stories, an attempt to influence public perception with negative information on what is essentially a nonstory.
We, however, disagree. If there is a security flaw in what is supposed to be a secure flash drive, one certified by the U.S. government and used for sensitive data, this is extremely newsworthy. The fact that they are FIPS certified only increases its newsworthiness.
Many government agencies are required to purchase FIPS validated/certified products. This requirement is based on the belief that if a device is FIPS certified, it is secure enough for sensitive government information. While FIPS only validates cryptographic functionality of products, there may be additional security aspects reviewed in the future (Common Criteria for example). NIST’s stance, that they are “actively investigating whether any changes in the NIST certification process should be made in light of this issue” may indicate that they need to also review items that have traditionally been treated as out-of-scope from a FIPS standpoint, but are certainly security relevant. One example would be a review of the cryptographic boundaries of security products.
Data Security, Government
Government Computer News named the Kanguru eFlash one of its Best Products of 2009!
All this power and speed is packed into a drive the size of a cigarette lighter, a fitting analogy for something that is so smokin’.
Kanguru would like to thank the folks at the GCN Lab for taking the time to evaluate and review the eFlash. We would also like to thank the other publications that reviewed the eFlash this year.
Stay tuned for great new products launching in 2010.
Data Backup, Government, Portable Storage
Government Security News has a special section on Telework and Continuity Planning. Among the topics is the security threat associated with mobile workers. One of the key concerns is “the connection of infected devices to internal networks”. This threat has increased to due viruses that can auto-run and infect a computer from a USB device.
Kanguru Defender Elite USB flash drive will soon be shipping standard with anti-virus protection built-in. The device is fully encrypted with 256-bit AES hardware encryption, so that mobile workers can transport data without fear of data theft.
The ability to work from any location may be crucial to restoring government services in the event of an emergency. However, agencies might be introducing new risks if portability is not coupled with security.
Data Security, Government, Portable Storage
A USB memory stick containing sensitive Royal Navy data was found near the docks in Northern Ireland last week. The data on the device included personnel information as well as restricted information related to naval operations.
Detectives are currently examining the memory stick to determine who the device belongs to and whether any data was copied. This is one of the main reasons that Kanguru recommends that organizations take a more proactive approach to managing USB devices. With centralized control in place, authorities could find the device owner with a few mouse clicks. Audit logs would show where and when the device was connected, and forced hardware encryption would ensure that no sensitive data falls in the wrong hands.
As The Guardian points out, this type of security breach could have dangerous consequences:
Security sources said that, given the current level of threat from republican dissidents, any lapse was serious, as they have previously targeted not only police and troops but other members of the UK’s armed forces.
Data Security, Government, Portable Storage
GCN reports that Congress may (or may not) pass federal data breach legislation this year. The Senate Judiciary Committee is currently considering a bill that would set standards for protecting sensitive personal information. Staffers are optimistic that something will get done this year.
A patchwork of state laws has grown up in recent years requiring organizations holding personal information to notify individuals when that information is exposed. This has been a big step forward in data protection, giving millions of potential identity theft victims a heads up when they might be at risk and highlighting identity theft as a major crime issue. But just about everybody agrees that a national standard would be an improvement, although there is concern that federal preemption of state laws could gut some of the stronger standards states have put into place and might limit citizens’ legal recourse.
It is not clear whether Federal legislation would specifically require encryption of sensitive data, similar to Massachusetts and Nevada state laws. It’s certainly an effective way to avoid a costly data breach.
Data Security, Government
Follow us on Twitter