One of our customers called last week to tell us the story of how the Kanguru Mini-Clone saved the day. This gentleman runs his own small business and stores very important files on his PC. Taking no chances, the system is set up with dual hard drives in a RAID 1 configuration. If one drive fails, the second drive contains an exact copy. Unfortunately, disaster struck when the motherboard failed and neither drive could be accessed.
The hard drives were quickly removed from the system and popped into the Kanguru Mini-Clone. The first drive was faulty, but the second one powered right up. Our customer was able to access and download all of his important files to another system through the USB connection. (The unit supports both USB and eSATA.) While he was at it, he used the Mini-Clone to make an exact duplicate of the functional drive and put it in the safe for backup. The business was able carry on with minimal interruption.
.jpg "Kanguru Mini-Clone")
Kanguru Mini-Clone - Hard Drive Duplicator
We thought this was a great illustration of the versatility of the Kanguru Mini-Clone. In addition to being a hard drive docking station and cloner, the product also has data wiping functions to sanitize old equipment. It’s a great product for any size business.
Data Backup, Duplication
A recent NY Times story on the Google - China confrontation mentions an increasingly common attack using USB flash drives to load malware.
Often, malware infections are a result of high-tech twists on old-fashioned cons. One scam, for example, involves small U.S.B. flash drives, left in a company parking lot, adorned with the company logo. Curious employees pick them up, put them in their computers and open what looks like an innocuous document. In fact, once run, it is software that collects passwords and other confidential information on a user’s computer and sends it to the attackers.
USB malware is a serious problem and Kanguru highly recommends using endpoint security to defend against these types of attacks. Portable flash drives may cause security concerns, but blocking them altogether can reduce worker productivity and cause major inconveniences. Endpoint security is an easy way to allow limited flash drive usage and still keep out unauthorized devices. That is why Kanguru has built USB Device Control directly into its Remote Management Console. Now organizations can remotely manage their secure devices and lockdown all others from one integrated console.
Data Security, Malware, Portable Storage
The latest issue of State Tech Magazine highlights a great feature of the Kanguru Defender and Defender Elite - the ability to track and manage USB drives in the field.
One feature of the Kanguru Defender drives that Conover appreciates is the ability to remotely set a password and wipe the drive clean if necessary. The agency has about 12 offices throughout the state, many of which are several hours away from headquarters in Albany.
For more info, view our Flash Presentation or contact your account manager at one of our authorized solution providers.
Government, Portable Storage
Via Axcess News:
A survey released today reveals that in the last year, 4,500 memory sticks have been forgotten in people’s pockets as they take their clothes to be washed at the local dry cleaners. From 6th April onwards if data is lost and it causes a major security breach, this could now cost a company up to £500k with new powers given to the Information Commissioner’s office (ICO) to fine companies who have not sufficiently protected customers details under the Data Protection Act.
This is actually an improvement compared to last year’s survey, which hopefully means that security awareness is improving. It’s still an awfully large number of flash drives, though, and there is no telling what kind of data is on them. Given today’s large storage capacities, a memory stick could contain an entire database. Wouldn’t you want the power to remotely delete a lost drive before it turns up at the dry cleaner?
Data Security, Portable Storage
Connecticut AG Richard Blumenthal is suing health provider Health Net over a lost external hard drive that contained sensitive information for 1.5 million past and present customers. Under the new HITECH legislation passed last year, states can obtain statutory damages in the event of a HIPAA security breach. The hard drive was not encrypted.
In a related story, BCBS of Tennessee just notified the public about a data breach affecting 500,000 customers. 57 unencrypted hard drives have gone missing. The drives contained names, birth dates, social security numbers, and diagnostic healthcare information. BCBS will pay for credit monitoring. No word on HITECH penalties or lawsuits yet.
Data Security, Healthcare, Portable Storage
In the last two years, 1,057,560 Massachusetts residents have been affected by reported data breach incidents according to a report released by the Commonwealth (PDF).
A new Massachusetts law, set to go into effect on March 1, 2010, will require that “personal information” stored on laptops and other portable devices must be encrypted. Personal information is defined under the law as, “a resident’s first and last name, or first initial and last name, in combination with any one or more of the resident’s: (a) social security number; (b) driver’s license number or state issued ID number, or (c) financial account number, or credit or debit card number…”
It is believed that with the new Data Breach Law,
the incidence of security breaches caused by unintentional but careless practices will decrease, as will the potential damage to residents whose information is gathered by unauthorized persons, since their information will be guarded by more robust protections, including encryption of information.
Data Security
Recently there have been a lot of stories involving the security flaws of some high profile encrypted flash drives. Some follow up articles have claimed the initial news to be nothing more than FUD (Fear, Uncertainty, Doubt) stories, an attempt to influence public perception with negative information on what is essentially a nonstory.
We, however, disagree. If there is a security flaw in what is supposed to be a secure flash drive, one certified by the U.S. government and used for sensitive data, this is extremely newsworthy. The fact that they are FIPS certified only increases its newsworthiness.
Many government agencies are required to purchase FIPS validated/certified products. This requirement is based on the belief that if a device is FIPS certified, it is secure enough for sensitive government information. While FIPS only validates cryptographic functionality of products, there may be additional security aspects reviewed in the future (Common Criteria for example). NIST’s stance, that they are “actively investigating whether any changes in the NIST certification process should be made in light of this issue” may indicate that they need to also review items that have traditionally been treated as out-of-scope from a FIPS standpoint, but are certainly security relevant. One example would be a review of the cryptographic boundaries of security products.
Data Security, Government
One of the lessons that can be drawn from last week’s massive flash drive recall is the importance of central management. Right now many organizations are scrambling to retrieve their formerly secure flash drives from all over the globe. Little thought has gone into things like patch management, because thumb drives have not been treated the same way as other information assurance products. That may change after this incident.
Kanguru Remote Management Console allows Kanguru’s Secure USB Drives to be updated remotely anywhere in the world. Not only can you modify the security settings and password requirements, but the device firmware itself can be updated without physical possesion of the drive. Audit logs keep track of which devices are up-to-date and which are out of compliance. Administrators can even create automated actions to disable drives that have not checked in for updates within a certain period of time.
Central management is key to lowering the overall cost of ownership when you factor in costly compliance issues and helpdesk support. Now we can add security updates to the list of cost savings.
Data Security, Malware, Portable Storage
Several high profile Secure USB Flash Drives have been in the news this week due to a security flaw that could allow hackers to unlock the encrypted data. The Kanguru Defender family of encrypted flash drives are not susceptible to this method of attack. For more information, see our recent announcement or contact Kanguru directly if you have any specific concerns.
Kanguru Defender and Defender Elite use a secure hardware encryption processor to perform all password checks. Software hacks are ineffective against this type of security. The encryption chip itself is protected from physical tampering as well.
Data Security, Malware, Portable Storage
Bart Porter at (re)blog compiled a list of data breach greatest hits of 2009. Many of the incidents have been noted on the Kanguru Blog including the MP3 Player containing US Army data, local school district mishaps and hospitals that lose USB thumbdrives.
The conclusion:
There are many interesting details to note in this dubious line-up of data security breaches, including how many health care, government and education organizations are represented. Even more significant is how few business enterprises show up on the list. This may be a clear indication of what many in the data security industry realize and fear – that most businesses suffering a significant data security breach do not publicly acknowledge incidents as they occur.
We expect this to change as more and more data breach notification laws are enforced at the state level. The landmark Massachusetts law will take effect in March, 2010. Data encryption will become mandatory for portable devices that store customer or employee information.
Data Security
Follow us on Twitter