Archive

Posts Tagged ‘FISMA’

Telework security recommendations

December 3rd, 2009

Government Security News has a special section on Telework and Continuity Planning.  Among the topics is the security threat associated with mobile workers.  One of the key concerns is “the connection of infected devices to internal networks”.  This threat has increased due to viruses that can auto-run and infect a computer from a USB device.

The Kanguru Defender Elite USB flash drive will soon ship standard with built-in anti-virus protection.  The device is fully encrypted with 256-bit AES hardware encryption, so that mobile workers can transport data without fear of data theft.

The ability to work from any location may be crucial to restoring government services in the event of an emergency.  However, agencies might be introducing new risks if portability is not coupled with security.

Data Security, Government, Portable Storage

Federal data breach law?

November 3rd, 2009

GCN reports that Congress may (or may not) pass federal data breach legislation this year.  The Senate Judiciary Committee is currently considering a bill that would set standards for protecting sensitive personal information.  Staffers are optimistic that something will get done this year.

A patchwork of state laws has grown up in recent years requiring organizations holding personal information to notify individuals when that information is exposed. This has been a big step forward in data protection, giving millions of potential identity theft victims a heads up when they might be at risk and highlighting identity theft as a major crime issue. But just about everybody agrees that a national standard would be an improvement, although there is concern that federal preemption of state laws could gut some of the stronger standards states have put into place and might limit citizens’ legal recourse.

It is not clear whether Federal legislation would specifically require encryption of sensitive data, similar to Massachusetts and Nevada state laws.  It’s certainly an effective way to avoid a costly data breach.

Data Security, Government

KRMC – Active Directory support

September 28th, 2009

Version 2.2 of the Kanguru Remote Management Console (KRMC) has a new feature that will make provisioning secure flash drives easier than ever.  Administrators can now import directly from an Active Directory database and program Kanguru flash drives in an automated fashion.  The drives will then be hard-coded with Employee data that can be tracked and logged including Name, Email and Phone Number.

While built-in encryption goes a long way towards securing your USB thumbdrives, KRMC goes a step further by providing control and accountability even after the drives have been distributed to employees.  The logging and auditing features are extremely useful for showing compliance with HIPAA, GLBA, and a wide range of state laws that are popping up across the country.

The full press release is available at the Kanguru News website.

Data Security, Portable Storage

Energy Department needs additional security

August 13th, 2009

Via Federal Computer Week, the US DOE inspector general recently performed an IT security audit and found that “the department hadn’t ensured that sensitive data stored on mobile devices, sent in e-mail messages, or sent to off-site backup storage is sufficiently protected by encryption, as appropriate.”

The DOE partially agreed with the findings but added:

…taking adequate steps to ensure that there is no sensitive information on laptops or mobile devices should be sufficient without requiring encryption of all data on all devices.

This seems to rely a great deal on user behavior and will be vulnerable to malicious actions or just poor judgment by employees.

Data Security, Government, Portable Storage

White House creates Cybersecurity Coordinator position

May 29th, 2009

Past attempts to create centralized security policy have had mixed results.  For example, OMB memos regarding portable device encryption (PDF link) were sometimes ignored by individual agencies.  Security experts wonder if this time will be different…

“Unless they actually control some purse strings, all they can do is beg, plead, cajole and evangelize,” Schneier said. “They can’t really get anything done and that’s been traditionally the problem with cybersecurity czars.”

Data Security, Government

Kanguru Biometric drive completes FIPS 140-2

April 20th, 2009

The Kanguru Bio AES encrypted USB Flash Drive has completed FIPS 140-2 certification.  FIPS 140-2 is a comprehensive 3rd-party testing process that certifies the encryption module for use in US and Canadian Government applications.  The standard is also seen as a stamp of approval by other Government and Corporate security professionals.

Kanguru Bio AES features a built-in fingerprint sensor for 2-factor authentication (bio and password).  Kanguru will offer a FIPS 140-2 version of the drive to both Government and Commercial users.  The FIPS certificate and security document are posted by NIST here.

Data Security, Government

RSA Conference 2009

April 16th, 2009

Kanguru will be exhibiting at the annual RSA Conference in San Francisco, April 20-23.  Visit us at Booth 2659 to learn more about our secure USB Flash Drives and Remote Management Console providing:

  • 100% AES-Hardware encryption
  • Ability to remotely delete/disable drives that are lost or stolen
  • Remote management and enforcement of passwords and security policies
  • Audit logs to show compliance with regulations like HIPAA, SOX, FISMA and GLBA

Attendees at RSA Conference will be dealing with budget pressures this year, but security is not an area where companies can afford to compromise.

“Given the increased threats and pressures on security, a flat budget with increased threats equals a cut budget.”

Data Security, Events

Federal cyber-security

March 27th, 2009

Former DOT Chief Information Officer Dan Mintz discusses the new Consensus Audit Guidelines and how they relate to FISMA.  The CAG contains recommendations on portable storage:

Data stored on removable, easily transported storage media, such as USB tokens (i.e., “thumb drives”), USB portable hard drives, and CDs/DVDs, should be encrypted.

Meanwhile, the new administration is in the midst of a review of federal cyber-security initiatives.

Data Security, Government