Last week, Brian Smith wrote about the advantages of using the BackStopp solution to prevent data theft. With its ability to make data self-destruct, BackStopp addresses a very real concern; even if data is encrypted, advances in crypto-analysis or processing speed could eventually yield the contents of any encrypted volume.
This is one of the reasons that mobile devices — including the RIM BlackBerry, later versions of Windows Mobile, and even the just-announced updates to the Apple iPhone — are featuring the ability to perform remote data wipes.
IronKey: Portable media with true hardware encryption
In the wake of such concerns, and especially if the amount of data you need to protect is of manageable size, a more robust option might be to purchase a removable hardware encrypted volume such as the IronKey USB flash drive. In fact, after you discount the insecure wannabes and outright fakes out there, the IronKey is the only such device on the market that I’m aware of at the moment.
Authentication occurs via a software application found in a small, unencrypted partition on the drive. The application doesn’t perform any actual encryption; it merely serves as a conduit to feed the password to a custom-developed “Cryptochip.” After successful authentication, the Cryptochip unlocks the main drive partition containing all of the data, revealing it as an additional drive letter.
The IronKey then functions much like a regular flash drive, with one exception. It transparently encrypts all data saved to the flash drive with AES CBC-mode encryption. You can manually lock it again via the Lock button on the application panel, or you can simply unplug it from the USB drive.
Just how secure is it?
So what happens if an unauthorized user attempts to access the IronKey device? After 10 incorrect password attempts — the Cryptochip maintains the counter itself –, the Cryptochip will immediately perform an exhaustive hardware wipe of all flash and Cryptochip memory.
And just how robust is the encryption? Unlike certain other hardware encryption devices that employ “homegrown” cryptographic algorithms, the IronKey has undergone rigorous cryptoanalysis. In addition, an FIPS 140-2 compliant True Random Number Generator on the Cryptochip itself generates the encryption keys used to protect the data.
The IronKey’s rugged metal casing also contains an epoxy compound, making it both waterproof and tamperproof. Its SLC NAND Flash comes in dual channels, making its performance almost comparable to the top-tier flash drives on the market today despite its on-the-fly encryption.
The IronKey also attempts to leverage its unique properties by offering an onboard Web browser (Firefox) for private Web surfing, a password manager, and an online encrypted backup run by the company. Of course, you probably wouldn’t want to bother with these extra frills in an enterprise setting. However, there’s an enterprise version available without these features — less support that the IT department has to deal with!
An option in your security arsenal
By using the IronKey device, maintaining a robust level of security might be as easy as training executives to save all confidential documents to the flash drive. Unfortunately, the login application is Windows only at the moment. However, the IronKey FAQ says the company is currently developing and testing IronKey components that allow you to use it on Mac and Linux systems.
Obviously, this device will do you no good if users continue saving documents onto their hard drives for convenience. And keep in mind that it’s a product-centric solution, dependant on one manufacturer to produce and sell them.
However, if its proprietary nature doesn’t bother you, and if implemented properly with policies that users adhere to, the IronKey device represents a relatively simple and inexpensive drop-in solution to greatly enhance security in your mobile media.