2. Lost & Stolen USB Drives * Survey of IT Professionals Store confidential data on flash drives Not reporting the lost devices immediately Yes Lost data bearing devices Yes *Ponemon Institute 2007
16. IronKey Enterprise Always-On Encryption Eliminates Risk of Lost or Stolen Flash Drives Protects Against “Rogue” Users Remote Administration & Policy Enforcement Portable ID and Strong Authentication
The key is the custom-designed IronKey CryptochipWe design devlop the Cryptochip ourselvesHardware-based encryption has the encryption algorithm in hardware (the Cryptochip in our case), an approach that is much more secure and runs much faster than software-based encryption, and puts no overhead on the drive itselfAll data is encrypted all the time—There’s no way to accidentally turn it off; you can’t fail to have the driver installed; there’s no way for a user to accidentally transfer a file to the wrong partition and have it not be encrypted; etc. This “always on” encryption is critical for data protection and for compliance in some industries (i.e., where, by regulation, you can’t let the user make a mistake)All Encryption keys are stored hardware and are not subject to “cold boot” attacks—an approach recently proven at Princeton where you take a computer that has software encryption, which is asleep or recently shut down, and spray a compressed-air cleaning spray (available at any office supply store) on the memory chips to cool them down to near freezing, and then extract the decryption keys, which allows you to reboot and get at the entire contents of the diskUnlike competitors, encryption keys are not created or escrowed outside the deviceProtects against password brute-force guessing — IronKey is more secure because all password verification is done in hardware. After 10 tries we lock you out, blow away the encryption keys, and blow away the data. In software there’s no way to prevent you from replaying and testing millions of passwords, and there’s products out there today that can guess 250,000 passwords a secondBoth hardware- and software-based encryption use strong encryption algorithms. However, two key weak links are encryption keys and the method employed for the encryption algorithm—Weak Key Protection in SoftwareMost competitors create their encryption keys outside of the deviceMost competitors store their encryption keys in NAND Flash memoryMade in ChinaSome competitors manufacture the drives and create encryption keys in factories overseas, which means when you leave the encryption keys floating around or escrowed by a foreign entity, you risk compromising the whole production run. So how can you trust a security product made in China?IronKey uses the preferred AES encryption modeMost competitors use ECB (Electronic Code Book) mode, which is not recommended by NIST or NSA. ECB encrypts the blocks to look exactly the sameWe have taken the time to implement the proper CBC (Cyber Block Chain), is the most secure mode and is preferred by both NIST and NSA
IronKey Basic, like all IronKeys, are designed to meet one of the most necessary but yet overlooked features in a secure USB device—ease of use.
IronKey Enterprise extends the IronKey platform’s the strong encryption capabilities, speed, and rugged reliability with remote management and policy enforcement.Features—Always-on encryption provides a fool-proof way to ensure that users protect critical IP and other confidential data, while also enabling compliance with regulation regarding protection of personal data. (Reiterate: All data is encrypted all the time—There’s no way to accidentally turn it off; you can’t fail to have the driver installed; there’s no way for a user to accidentally transfer a file to the wrong partition and have it not be encrypted; etc.)The platform’s unique management as an online service offers a number of advantages— You can manage users remotelyYou don’t have any software to install, no server to install, no database to manage—IronKey manages all that for the customerWe don’t have any of your data on our system (if you choose not have any passwords). All we know is the devices serial number, so it’s a highly secure systemOnboard digital certificate provides simple strong authentication--will soon have capability to import certificates, providing simple authentication for VPNs, firewalls, etc.You can also choose to give users the full privacy and identity protection features of IronKey Personal— A secure onboard Firefox browser and password manager protects the user’s identity and passwords“Secure Session” protects users on insecure WiFi networks and enables them to open a secure, private tunnel through the public InternetSleek waterproof metal case helps shield the chips and critical data
PROTECT YOUR DATA, SECURE YOUR FILESAND IDENTITY WITH IRONKEYENCRYPT YOUR DATAPROTECT YOUR IDENTITYSURF PRIVATELY
You can see the that we have created an IronKey for everybodyFrom Basic with provides the hardware foundation for the entire product lineTo Personal which includes software and services to protect users online includingEnterprise which lets you configure with applications are available to users, remotely manage user devices and recover data if necessaryIronKey comes in three flavors.IronKey Basic—Offers the most secure portable storage device available for organizations that need the highest data security and have restrictions on third-party software—the Military is a good example of this type of customer. Has only one piece of software, which enables local encrypted back-up of the contents of the IronKeyIronKey Personal—Combines the world’s most secure flash drive with Internet and Identity protection services, includingA secure Firefox browser on the device that lets you take computer bookmarks, history, favorites with you and plug in a complete digital life into any computerStores you temp and cache files on the IronKey so they are not available for heisting“Secure Sessions,” which enables encrypted web surfing over any network and protects you against pharming attacks (we run the DNS for you, so if for example somebody has tampered with DNS on a WiFi network and someone has tampered with the DNS they can’t redirect you to a fraud site—we’ll take you to the correct site)A password manager on the device that lets you store and manage all your Internet passwords on the IronKey, which not only adds convenience but protects users from keyloggers because it enters passwords with just one click one of the mouse (you can also optionally store them with us so that if you lose your device you can restore your passwords by answering secret challenge/response questions)IronKey Enterprise,Tailored larger organizations, it extends the high performance and high security of the IronKey platform with remote management, enforcement of configurable policies (e.g., password strength), strong authentication capabilities, etc.It gives you the option of giving users some or all full identity and privacy protection of onboard software and online services available on IronKey Personal