Via Federal Computer Week, the US DOE inspector general recently performed an IT security audit and found that “the department hadn’t ensured that sensitive data stored on mobile devices, sent in e-mail messages, or sent to off-site backup storage is sufficiently protected by encryption, as appropriate.”
The DOE partially agreed with the findings but added:
…taking adequate steps to ensure that there is no sensitive information on laptops or mobile devices should be sufficient without requiring encryption of all data on all devices.
This seems to rely a great deal on user behavior and will be vulnerable to malicious actions or just poor judgment by employees.
Data Security, Government, Portable Storage
Kanguru’s newly enhanced Administrator Tool is a stand-alone control panel that allows IT Administrators to customize the settings and policies on Kanguru Defender, Defender Elite and Bio AES encrypted flash drives. The Administrator tool can be used to configure and provision drives or program them to be remotely managed with KRMC.
Configurable options include:
- Password strength and policies
- Master Password
- Number of Invalid Login Attempts before Lockout or Device Deletion
- Password reset options
- IP Range restrictions (Limit access only to approved workstations)
- Setting up secure communication with KRMC
The full press release is available here (PDF).
The proliferation of flash drives in today’s business environment is difficult for IT Administrators to get a handle on. Kanguru Administrator Tool is the first step in taking control of security policies for portable devices.
Data Security, Portable Storage
One of the standard responses to mobile device security risks is to lock down all USB ports on the network and create a white-list of approved devices. Most 3rd-party Endpoint Security solutions will enforce policies based on the flash drive Brand and Model. (e.g. Allow this model, but block all others.) Kanguru encrypted flash drives can be customized with Unique ID’s to offer an additional level of granularity and accountability.
Upon request, Kanguru can burn a unique electronic Device ID on each flash drive. Now employees can be tied to a specific device and usage will be tracked and audited. In addition, security policies can be customized for each individual drive. Administrators will quickly be alerted if an employee attempts to use a device that is not assigned to them, even if it is the same make and model as the approved drive. The Device ID can also be engraved on the outside of the device for quick identification.
Unique ID’s are available on Kanguru Defender, Defender Pro and Bio AES flash drives by request.
Data Security, Portable Storage
Super-gluing your USB ports is not the best solution in the long run. USB Flash Drives are so popular for a reason - they are extremely useful and increase the productivity of your employees. You can have both convenience and security by taking the right steps to secure your USB ports:
- Select company-approved flash drives – This drive should implement hardware-level encryption that forces the user to encrypt all data.
- Block all other USB devices – There are number of ways to enforce this through MS Group Policies or Endpoint security applications.
- Remotely manage your flash drives – Remote management provides control over your devices even after they leave your network. Disable and delete lost/stolen drives and provide regulators with the audit log that shows where, when and how.
Learn more about Kanguru’s remote management here.
Data Security
Follow us on Twitter