CHOOSING THE RIGHT PORTABLE SECURITY DEVICE. A guideline to help your organization choose the best secure USB device





Introduction

USB devices are widely used and convenient because of their small size, huge storage capacity, and high portability. According to Gartner, the flash drive market, secure or otherwise, has seen significant growth in recent years, and Gartner predicts continued growth, albeit at a reduced rate (see Gartner, "Forecast: USB Flash Drives, Worldwide, 2004-2014"). The convenience and personal nature of these devices have created an avenue for information loss out of the enterprise and an avenue for entry of malware. These problems have led to the need for a more secure device that provides the convenience users desire and the controls necessary to protect the organization and its critical data.

Key Features for Secure USB Flash Devices

Gartner's table lists each feature together with a desirability rating (Source: Gartner, February 2011):
- Hardware based encryption of AES-256 CBC or better
- Architecture certification of FIPS 140-2 Level 2 or better
- Recovery key in case the user's usual key is lost
- Authentication to the device by passphrase, biometric or better
- Console for controlled provisioning and management
- Auditing capabilities
- Built-in malware protection
- Support for Windows, Mac OS and other relevant platforms
- Remote device revocation and de-provisioning

When it comes to choosing a Portable Security Device (PSD), some key security factors must be taken into account. At the same time, you must go beyond the marketing hype to make sound decisions based on ensuring the security of your day-to-day business activities.

Driverless is the way to go

A minimum requirement for a PSD is a completely driverless device, so that you can seamlessly carry data and applications from one computer to the next, irrespective of type or OS, without the burden of deploying and maintaining drivers. Similarly, administrator privileges on the host machine should not be required. Most machines in large organizations are completely locked down and users have no elevated privileges. Some devices need proprietary commands in order to operate, which require elevated privileges, and will not work on machines where the user has not been granted such privileges.

Software based versus hardware based encryption

Software encryption opens up the possibility of residual information about the encryption keys being left behind, fully exposed, in the host's swap file. Some USB devices use software encryption that requires software to be installed on the host PC. This not only reduces portability but makes use on locked-down corporate machines impossible. In addition to the portability issue, software based encryption is a less secure way to protect data: the encryption software itself could potentially be compromised, opening the door to hackers. So hardware encryption is the better choice, but not just any hardware encryption.

The huge difference between 128 and 256 bit AES hardware based encryption

256-bit AES encryption is not twice as strong as 128-bit AES; twice the strength of 128-bit encryption would be 129-bit encryption. In fact, the strength of 256-bit AES is the square of the strength of 128-bit AES. That means AES 256-bit encryption is 340,282,366,920,938,000,000,000,000,000,000,000,000 (2^128) times as secure as 128-bit. That enormous difference is the reason why AES 256-bit meets the minimum standards for the most data sensitive environments.

Different levels of User Authentication

User authentication grants access to data stored on a PSD. For the most sensitive data, at least 2-factor authentication should be used.

Password Authentication

The minimum requirement for securely accessing the content stored on a PSD is the availability of password protection. However, simple password protection won't withstand brute force attacks if the chosen password itself is not very complex.

Strong Password Authentication

Strong password authentication relies on the availability of specific rules and policies that make the password difficult to crack.

Usage policies include:
- Retry limit
- Password reuse threshold (the user can't reuse any of the X most recent passwords)
- Maximum password life (the user is forced to change it periodically)
- Minimum password life (the user can't change it rapidly, preventing abuse of the password reuse threshold)

Complexity rules define:
- Minimum password length
- Minimum number of special characters
- Minimum number of numeric characters
- Minimum number of alphabetical characters (lower and upper case specifiable individually)

Biometric Authentication

Not all biometric solutions offer the same level of security; the following options need to be taken into account:
- A secure biometric solution should not store any template outside of the security device
- The number of fingers that can be registered should be configurable
- Configurable biometric security levels
- A choice of fall-back mechanisms defining how biometric users will authenticate if biometric authentication fails

Strong Password and Biometric Authentication

The ultimate authentication level is the combination of strong password and biometric authentication, making it impossible to access the PSD without being an authorized user.

Flexibility of authentication options

The level of authentication should be flexible in order to meet the organization's security needs and accommodate the security requirements of specific groups of users. An organization should be given the flexibility to require different levels of authentication for different user profiles. For example, senior executives remotely accessing sensitive data could be required to use 2-factor authentication, while other employees carrying information internally may just need strong password authentication.

Password or Biometric resets

When users are locked out of their devices, there should be options for rescuing the user: a way to reset a biometric or password authentication so that the employee can continue his or her work with minimal disruption. Organizations may want to think carefully before outsourcing password recovery or data backup services. Giving this type of control to a third party risks compromising critical corporate data and resources. Organizations should have the option of exercising full control over the reset of authentication mechanisms for their security devices. Imation Mobile Security offers the option to manage corporate security device passwords through an internal help desk function.

Data Recovery

Being able to recover data without the user necessarily being present is often a key requirement to comply with audit and data security regulations. In addition, the corporate information stored on PSDs often belongs to the organization, and PSD management solutions should offer a way to recover corporate data. This may apply, for example, when an employee is no longer with the company.

Digital Identity

PSDs may also act as full public key infrastructure (PKI) tokens or as carriers for one-time passwords such as RSA SecurID. This permits users to prove their identity to virtual private networks (VPNs), portals, websites and other applications. It can also allow users to encrypt communications such as e-mail, digitally sign documents and perform a wide range of other identity based actions. For example, some financial institutions wish to offer customers a known and secure environment within which business may be conducted, such as high value transactions with implicit authentication. These devices may be used as authenticators for such services: the customer authenticates to the device (e.g., using a fingerprint), which unlocks an authentication certificate that is then used to authenticate to the business banking service.

Destroying data on authentication failures

Just as data recovery is an important and necessary feature for some organizations, it is equally important to have a data destruction option. Some users may carry data so sensitive that its destruction is actually the best security, particularly when too many authentication attempts have failed. This capability should be optional and fully configurable with a device management solution such as Imation Mobile Security Encrypted USB Manager. You may not want to tell your CEO that the company business plan has been irrevocably destroyed because of a forgotten password.

Device Recycling

PSDs belong to an organization and should be considered a corporate asset, just like laptops. Do you buy a new laptop every time an employee leaves your company? Then why would you throw away your portable security devices? The type of PSD you choose for your organization should be recyclable and/or re-assignable to new users as often as needed.
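To make the usage and complexity policies listed under Strong Password Authentication, and the destroy-on-failure option above, concrete, here is a small constructed Python model. It is an added example, not Imation's code or any real device's firmware; the class, field and status names are assumptions, and a day counter passed in by the caller stands in for a real clock.

```python
import hashlib, os, re
from dataclasses import dataclass, field
@dataclass
class PasswordPolicy:
    retry_limit: int = 5           # failed attempts before the device locks
    reuse_threshold: int = 5       # may not reuse any of the last N passwords
    max_life_days: int = 90        # forced change after this many days
    min_life_days: int = 1         # no further change within this window
    wipe_on_lockout: bool = False  # optional data destruction when locked out
    # complexity rules: minimum count of matches per character class ("." = any = length)
    min_counts: dict = field(default_factory=lambda: {
        r".": 12, r"[^A-Za-z0-9]": 1, r"[0-9]": 1, r"[a-z]": 1, r"[A-Z]": 1})
    def violations(self, pw):
        return [f"fewer than {n} of {cls}" for cls, n in self.min_counts.items()
                if len(re.findall(cls, pw)) < n]

def _hash(pw, salt):  # salted slow hash: the device stores hashes, never passwords
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

class Device:  # password state of one PSD; 'today' is a day counter supplied by the caller
    def __init__(self, policy, password, today=0):
        self.policy, self.history, self.failed = policy, [], 0
        self.locked, self.wiped, self.changed_on = False, False, None
        if self.set_password(password, today) != "ok":
            raise ValueError("initial password rejected by policy")
    def set_password(self, new, today):
        if self.locked:
            return "locked"
        if self.changed_on is not None and today - self.changed_on < self.policy.min_life_days:
            return "too soon"               # minimum password life
        if self.policy.violations(new):
            return "weak: " + ", ".join(self.policy.violations(new))
        if any(_hash(new, s) == h for s, h in self.history[:self.policy.reuse_threshold]):
            return "reused"                 # password reuse threshold
        salt = os.urandom(16)
        self.history.insert(0, (salt, _hash(new, salt)))   # most recent first
        self.changed_on, self.failed = today, 0
        return "ok"
    def authenticate(self, pw, today):
        if self.locked:
            return "wiped" if self.wiped else "locked"
        if _hash(pw, self.history[0][0]) != self.history[0][1]:
            self.failed += 1
            if self.failed >= self.policy.retry_limit:  # retry limit: lock, or wipe if configured
                self.locked, self.wiped = True, self.policy.wipe_on_lockout
                self.history = [] if self.wiped else self.history  # a wipe destroys the keys too
            return "denied"
        self.failed = 0
        return "expired" if today - self.changed_on > self.policy.max_life_days else "ok"
```

Because the minimum-life check runs before the reuse check, a user cannot cycle through the history in one sitting to get an old password back, which is exactly the abuse the page's minimum password life rule prevents.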

PSD Manageability

The deployment of security devices must be overseen and managed in order to maximize the benefits of data protection, portable applications, secure digital identities and strong user authentication. Being able to remotely update software and security policies on devices already issued should be a must-have feature, simply to keep up with ever changing corporate requirements and policies. Furthermore, compliance with data security regulations and corporate governance requires that administrative roles for different tasks be separable and that the resulting administrative operations be loggable (segregation of duties). Full administrative control of the devices and usage policies by the organization is also a key compliance requirement.

Asset management in any enterprise is the key to ensuring sound security. Knowing exactly what you have in the field contributes greatly to building a complete security threat matrix. Furthermore, knowing where you are vulnerable and where you are safe is crucial; any security professional can confirm that the greatest threat comes from unknown assets, namely deployed assets that you don't know about. When deploying security devices, you want to know which person in the organization has which asset. You must also have the ability to generate on-demand reports for a variety of reasons: property theft, security incidents, compliance audits, internal verification and so on. Knowing who has what, and what he or she was doing with it, answers these questions.

Portable Computing

Many organizations have a requirement to allow staff to work remotely and securely. Examples include staff who are often on the road, who work from home on a regular basis, or who serve as a component of the business continuity plan. PSDs are becoming a new alternative to the traditional mobile environment, the laptop, due to their convenience and potential for cost reduction. A boot-from-USB solution offers the most security for protecting enterprise data while also maintaining the best overall mobility and functionality. This solution can turn an unmanaged or untrusted machine into a trustworthy environment and consequently enables a number of significant, cost effective solutions for the enterprise.

Making a smart investment

In order to fully leverage your organization's PSD investment, you may want to consider the benefits of carrying around not only critical data but also your highly sensitive digital identity credentials. Imation Mobile Security's Stealth Series of portable security devices and solutions enables employees to carry data securely wherever they travel in the world. By combining the power of strong user authentication, data encryption, and portable digital identities, our innovative solutions provide the highest level of protection available against theft or loss of confidential information, data and systems.