Posts Tagged ‘FISMA’

Reminder: Security is key for Teleworkers

August 1st, 2011

In a July 15 memo to all Federal Agencies, OMB Director Jack Lew sent a reminder that Telework solutions must comply with security guidelines and protect sensitive government information.  Federal Computer Week highlights a few of the requirements, including data security and protection from systems that are not under direct agency control.

The Telework initiative is meant to improve worker productivity while reducing government overhead and costs.  It also provides business continuity during an emergency or any other event in which employees cannot reach the office.  The downside is that Administrators lose some control over the hardware and software being used by their workers.  Fears about security have resulted in slower than expected implementation of Telework policies.

To meet these security requirements, Kanguru and Absolute ID have designed the RocIT Defender Elite “Virtual System on a Stick” to enable Telework while still maintaining control over hardware and software.  The device is a bootable, encrypted USB flash drive that launches a secure virtual OS completely isolated from the host system.  The Administrator can lock down the OS and application settings with a golden image, and monitor the devices remotely using Kanguru Remote Management Console.  All data is hardware encrypted with FIPS 140-2 certified cryptography.  Contact Kanguru for more info on how RocIT Defender Elite can meet your Telework challenges.

Data Security, Government

Kanguru at FOSE 2011

July 14th, 2011

US Government technology professionals are invited to visit Kanguru at FOSE 2011 next week at the Washington Convention Center (Booth # 800).  Come learn more about the Kanguru RocIT Defender Elite - our bootable, virtual PC on a flash drive.  The device features FIPS 140-2 encryption and a DoD-tested virtual runtime environment.

We’ll also be displaying our Hard Drive, DVD and USB Duplication Equipment, as well as our next generation Secure USB storage products.  While you’re there, join our email list and receive a FOSE discount.

Register for an Expo Pass here.

Events, Government

Data security and SSD Drives

May 13th, 2011

Today on InfoSec Island, you can read a new article by Kanguru contributors regarding the security of Solid State Drives (SSDs).  New technologies used in SSDs make it difficult to sanitize the drives of sensitive information.

Due to the difference in technology between flash based SSD’s and platter based HDD’s, currently accepted methods for sanitizing HDD’s such as multiple pass disk wipe and degaussing are not effective for securely removing data from SSD’s.

The difficulty in safely wiping SSD’s stems from the fact that SSD’s, and their cousin the flash drive both utilize solid state memory and a data writing technique known as wear-leveling. Wear-leveling is a method of controlling which flash cell has data written to it.

The article points out an effective method of ensuring that sensitive information can never be recovered by the wrong person.

A simple yet effective way to make sure that data is unrecoverable from an SSD is to utilize encryption. Using full disk encryption has a twofold effect. The first obvious effect is it will secure the contents of the data on the SSD.

Adding encryption, preferably at the hardware level, adds a layer of security to all your data and is a step towards meeting many of the security requirements currently needed in the financial, healthcare and public sectors.

Second, and equally important, when it comes time to retire the drive, the encryption key can be deleted, leaving the data inaccessible.

Read the full article here.

Data Security

The cost of security compliance

February 2nd, 2011

Which is more costly to a business?  Spending the money to become compliant with federally mandated security regulations or remaining noncompliant? 

A recent study by the Ponemon Institute compared the cost of complying with state and federal security regulations vs. the cost of potential business disruption, productivity loss, revenue loss, and fines.   Read more about it here.

Data Security

Top 10 Data Breaches Of 2010 (So Far)

July 8th, 2010

Courtesy of CRN.

A number of these incidents involve laptops or USB hard drives.  The rule of thumb should be:  If it’s portable, it’s easy to steal.

Data Security

Defender Elite completes FIPS 140-2 Certification

March 8th, 2010

Kanguru is proud to announce that the Kanguru Defender Elite encrypted USB flash drive has received FIPS 140-2 certification from the US and Canadian Governments.  This hardware encrypted device meets Level 2 security requirements, which validates its use for protecting sensitive government information.  Defender Elite also meets Level 3 requirements in several key security categories.  The FIPS 140-2 standard is recognized internationally and by a number of other industry regulations, including HIPAA (PDF) for Healthcare.

Check out our website for more product details, and read our previous post about remote management.

Data Security, Government, Portable Storage

$50000 Reward for missing drive

February 16th, 2010

In early 2009 the National Archives announced that it had lost a 1TB portable hard drive containing sensitive information from the Clinton Administration.  Since none of the data was encrypted, the social security numbers and other personal data could easily be used to commit fraud.  NARA had no remote management capabilities for the device, so there was really no way for them to track down the drive short of offering a substantial reward.  Now they have announced exactly that - Federal Office Offers $50,000 Reward for Missing External Drive.

Upgrading hard drives and flash drives to encrypted models with remote management capabilities would have cost less than $50,000 plus credit monitoring costs.  Public and private companies can face even bigger costs than NARA when it comes to a data breach.

Data Security, Government, Portable Storage

Massachusetts Encryption Law Whitepaper

January 26th, 2010

Last week we mentioned that over a million MA residents have been affected by data breaches since the Office of Consumer Affairs started keeping track in October of 2007.

If your business is based in Massachusetts or your company does business there, you may be affected by the new state encryption law starting March 1.  Kanguru has a new whitepaper available that explains the law and how to meet compliance requirements.

Learn more:

Kanguru Whitepaper - Massachusetts Data Encryption Law (PDF)

Kanguru Website - General compliance information for Public Sector, Financial Services and Healthcare organizations.

Data Security

Remote management for field workers

January 21st, 2010

The latest issue of State Tech Magazine highlights a great feature of the Kanguru Defender and Defender Elite - the ability to track and manage USB drives in the field.

One feature of the Kanguru Defender drives that Conover appreciates is the ability to remotely set a password and wipe the drive clean if necessary. The agency has about 12 offices throughout the state, many of which are several hours away from headquarters in Albany.

For more info, view our Flash Presentation or contact your account manager at one of our authorized solution providers.

Government, Portable Storage

Review of FIPS certification newsworthy

January 15th, 2010

Recently there have been a lot of stories involving the security flaws of some high profile encrypted flash drives.  Some follow-up articles have claimed the initial news to be nothing more than FUD (Fear, Uncertainty, Doubt) stories, an attempt to influence public perception with negative information on what is essentially a nonstory.

We, however, disagree.  If there is a security flaw in what is supposed to be a secure flash drive, one certified by the U.S. government and used for sensitive data, this is extremely newsworthy.  The fact that the drives are FIPS certified only increases the newsworthiness.

Many government agencies are required to purchase FIPS validated/certified products.  This requirement is based on the belief that if a device is FIPS certified, it is secure enough for sensitive government information.  While FIPS only validates cryptographic functionality of products, there may be additional security aspects reviewed in the future (Common Criteria for example).  NIST’s stance that they are “actively investigating whether any changes in the NIST certification process should be made in light of this issue” may indicate that they need to also review items that have traditionally been treated as out-of-scope from a FIPS standpoint, but are certainly security relevant.  One example would be a review of the cryptographic boundaries of security products.

Data Security, Government