US Government technology professionals are invited to visit Kanguru at FOSE 2011 next week at the Washington Convention Center (Booth # 800).  Come learn more about the Kanguru RocIT Defender Elite – our bootable, virtual PC on a flash drive.  The device features FIPS 140-2 encryption and DoD-tested virtual runtime environment.

We’ll also be displaying our Hard Drive, DVD and USB Duplication Equipment, as well as our next generation Secure USB storage products.  While you’re there, join our email list and receive a FOSE discount.

Register for an Expo Pass here.

Events, Government

Kanguru is pleased to announce that the Defender Elite encrypted USB flash drive is now undergoing evaluation for Common Criteria EAL2+.

Common Criteria is an internationally recognized security evaluation program developed to ensure an information technology product or service meets a variety of robust government security standards. There are currently 36 nations, worldwide, which mutually recognize the merits of the Common Criteria Standard.  Kanguru’s evaluation is being overseen by the German Federal Office for Information Security (Bundesamt fur Sicherheit in der Informationstechnik (BSI)).

“By undergoing the Common Criteria evaluation, we continue to position ourselves on top of the secure portable data storage industry.” said Don Brown, CEO of Kanguru. “Common Criteria, along with our fully manageable devices and current FIPS 140-2 Validations, distinguishes our products and services as the most secure, manageable and feature rich in the portable data storage industry.”

Read more.

Data Security, Portable Storage

Written by: Emmett Jorgensen

Ten years ago the miniature USB thumb drive crashed onto the scene, revolutionizing the portable storage industry.  Although expensive at the time of its initial release, it quickly came down in price and went up in storage capacity, providing massive amounts of storage in a tiny form factor.

Today, the revered little flash drive is making waves again, but this time as the newest advancement in secure, portable computing.  A few innovative companies have developed a way to transform the flash drive from a simple storage device into a portable virtual machine manager, allowing users to store a completely bootable operating system, applications and data on a high capacity flash drive.

Using a Bare-Metal-Boot Mode, these devices never have to touch the internal hard drive of the host machine. Read more…

Data Security, Portable Storage

State legislatures around the country continue to enact stronger and stronger data breach laws to protect their citizens against unlawful use of personal information.  The two latest actions are in California and Massachusetts.  See the Workplace Privacy Report to learn more about the new bills.

Massachusetts already has one of the toughest data security laws.  Most other states have regulations that require public notification of data breaches and allow for civil or criminal penalties.  Many, but not all of them, provide safe harbor from penalties if the data was properly encrypted.

Data Security

USB Flash drives: Petite, portable storage devices capable of storing gigabytes of data.  They’ve revolutionized the business world with their convenience and portability; however, there is a darker side to the revered little flash drive.

Their tiny size often makes them easy to lose and their storage capacity allows huge amounts of potentially sensitive data to be stored on them. If lost or stolen a single, tiny, insecure flash drive has the potential to cause a massive data breach.

As state, federal and business regulations tighten on information security and impose fines and sanctions for data breaches, the question arises:  Should flash drives be banned from work environments, as the Department of Defense did in the fall of 2008[i]?  Or can they be used in a safe manner without limiting the very attributes that make them so popular?

The answer to this will vary greatly depending on your organizational policies and security standards; however, there are options for using flash drives securely.

A good starting point is encrypted flash drives.  While encryption is important, there are many more factors to take into consideration in the overall security of flash drives.

In order to cover some of the new security developments surrounding flash drives and to figure out the best solutions for your needs I’ve come up with 11 basic questions to ask when buying a secure flash drive.

Question #1: What is the overall level of security and has it been certified by an independent, accredited entity?

Why it is important: Generally, the higher the encryption level (128-bit, 256-bit), the more difficult it is for a hacker to break.  However, it is also very important that the device be tested for other relevant factors such as encryption tunnels, a true random number generator, physical security features, hashing, and the security of the device’s firmware. Read more…

Data Security, Financial, Government, Healthcare, Malware

The Dept of Health and Human Services is stepping up enforcement of HIPAA privacy laws by handing out new fines against two violators.

From Government Computer News:

HIPAA requires health plans, health care clearinghouses and most health care providers to protect the privacy of patient information through administrative, physical and technical safeguards.

After an investigation by OCR, the agency found Mass General in violation when an employee left documents relating to 192 patients on a subway train. The documents, which were never recovered, included information on patient names, dates of birth, medical record numbers, health insurers and policy numbers, diagnoses and name of providers for 66 of those patients. HHS discovered the loss after a patient reported the records lost on March 9, 2009.

Mass General was fined $1 Million for this violation.  Imagine how many USB flash drives and other portable devices get lost in subway trains, taxis and other public places every year.  With HHS handing down stiff penalties, it’s time to consider security plans for these devices.

Data Security, Healthcare, Portable Storage

It might be on a flash drive owned by a government employee and it probably isn’t encrypted.

KATU has the story of a lost flash drive containing social security numbers for about 300 Oregon Dept of Corrections employees.  It’s not clear whether the Dept had a security policy in place regarding portable storage.  These incidents are preventable with the right combination of technology and security policies.

Data Security, Portable Storage

Many organizations are looking for new ways to increase the productivity of offsite users.  This no longer includes just the field team, but is now including more general employees who can be enabled to work from home.  The US Government is extending its Telework policy with this sort of flexible arrangement in mind.

Security and managability are key issues to consider in a Telework policy.  Kanguru and Absolute ID have designed the RocIT Defender virtual platform with these priorities in mind.

1. Secure, Portable Operating System on a hardware encrypted flash drive.  (FIPS 140-2 version available)

2. Not vulnerable to infection by malware and viruses on untrusted machines. Device can bypass all of this!

3. Can be remotely managed: delete lost or stolen drives, update files on device, etc.

4. Lower total cost of ownership with stronger security than notebook and tablet computers.

Find out more about the RocIT Defender “PC on a Stick” at our website.

Data Security, Government

UPI is reporting on a story from South Korea’s Yonhap News Agency, which has all the ingredients of a great mystery plot:  Secret battle plans, a missing USB flash drive and a potential cover-up.

“The military unit, the DSC and ministry of defense were all informed of the case but never took action,” a source said in the Yonhap report. “It (the drive) contains confidential information on national security, but nobody knows where it is.”

The story lacks detail, but it’s not a stretch to believe that a large organization has know idea where it’s IT assets are.  This is a common problem.

Kanguru’s Remote Management Console solves this issue for USB flash drives.  Administrators can view exactly when and where each device is being used.  The moment that a drive is reported missing, an automatic delete or disable command can be issued from the console.

Data Security, Government, Portable Storage

The loss of portable devices is gaining more attention as companies strive to balance security concerns with user productivity.  Last week, a group of experts gathered to discuss laptops in particular.

Intel on Thursday brought together a panel of technology security experts to discuss the findings of a recent survey it sponsored, entitled, “The Billion Dollar Lost Laptop Problem.” Conducted by Ponemon Institute, the survey gathered data from 329 organizations that have lost a total of more than 86,000 laptops worth a combined $2.1 billion in the past year. Forty-six percent of these systems contained confidential data, but 70 percent lacked basic precautions including encryption, back-up and anti-theft technology.

The numbers are similarly scary for portable storage devices like USB flash drives.  While these drives are extremely convenient for employees, the data stored on the drives needs to be protected.

Members of the panel pointed out two key areas for improving security.  One was implementing security controls that don’t require user intervention.  When implementing encryption, it should be seamless and automatically enforced.  Another method of improving security is to include a remote kill or disable technology, so that lost devices can be locked down and secure from leaking data.  Making these features standard in portable devices will go a long way toward preventing future data breaches.

Data Security, Portable Storage