Business

ironkey enterprise edition

Overview

Managed Secure Mobile Storage, Strong Authentication and Portable Virtual Desktops for the Enterprise

USB flash drives–with their small form factors, large storage capacities, and high transfer rates–have revolutionized mobile data storage. An increasingly mobile workforce relies on these devices to transport files when they travel to customer sites, share data with partners and co-workers, use more than one computer, and work from home. USB flash drives also make it easy for workers who are traveling to back up business files.

The challenge for enterprise IT and security professionals becomes one of balancing the enormous productivity benefits of flash drives with the threats they pose to the organization. Easily lost or stolen, flash drives pose a risk of data loss and leakage, which carries with it the potential costs and liabilities of a data breach. In addition to allowing data to leave the organization, flash drives can also allow malicious code to enter, infecting corporate PCs and networks with dangerous malware and crimeware programs.

Always-On Military-Grade Hardware Encryption and Active Anti-Malware

IronKey, through research initially supported by the U.S. Department of Homeland Security, has focused on solving these critical challenges. The result is the world’s most secure USB flash. This intelligent mobile storage device combines an advanced Cryptochip (which protects data with AES 256-bit military grade encryption in hardware) with an array of physical and electromagnetic defenses that prevent intruders from accessing the chips or encryption keys. Active malware defenses further protect IronKey drives–and computers on which they are used–from becoming infected with viruses and worms.

Central Management, Policy-Based Remote Control, and Secure Device Recovery

Encryption alone is not sufficient to meet the data security and compliance needs of enterprise customers. That is why the IronKey Enterprise solution combines advanced management server software with capabilities built into IronKey drives to enable sophisticated central management and policy-based control over fleets of drives. IronKey central management includes secure device recovery and the ability to remotely disable or destroy drives that are lost, stolen or in the possession of former employees and other unauthorized users.

A Platform for Strong Two-Factor Authentication and Portable Virtual Desktops

Beyond the benefits of security and manageability, IronKey drives also comprise secure platforms for deploying portable virtual desktops. Additionally, organizations can use the onboard digital certificate or solutions from RSA and other third parties to consolidate encrypted mobile storage and strong two-factor authentication in a single device.

Remote Management

Remote Management

Eliminate the risks posed by uncontrolled flash drives in your environment without impairing the productivity of your mobile workers. IronKey Enterprise lets you take charge of USB storage with a sophisticated management service that makes it easy to remotely administer thousands of secure IronKey drives over the Internet. Now you can enforce encryption and security policies even as users work from home.

Enterprise-Class Central Management

Establishing policies that require employees to use only encrypted drives is not enough to protect against data loss or to ensure compliance with various industry and government privacy regulations. An enterprise-class approach requires sophisticated management capabilities that allow administrators to easily and rapidly deploy encrypted flash drives, and then remotely manage them in the field.

The IronKey Enterprise management service allows tiered administration of drives: Enterprise System Administrators can designate other administrators, who can then manage users and policies on the devices.

Remotely Enforce Security Policies

Administrators can remotely enforce policies to ensure that data stored on IronKey USB drives is inaccessible to unauthorized users. This includes integration with third-party device control systems to allow only hardware-encrypted IronKey Enterprise drives to mount to your organization’s PCs. This approach safeguards your critical mobile data, because all data transferred to an IronKey drive is automatically protected with AES 256-bit hardware-based always-on encryption (users cannot turn off or otherwise disable this military-grade protection).

Remotely Terminate Drives in the Field

In the event the drive is compromised in any way–such as if a user loses the device together with a written password or an employee moves to a competitor with the device in his or her possession–administrators can, over the Internet, remotely revoke access to the stored data, or even tell the drive to “self destruct” its internal circuitry.

Compliance

Compliance

With new state privacy laws, industry regulations such as PCI, and updates to HIPAA and other federal mandates stemming from the HITECH Act and ARRA (also known as the 2009 Stimulus Act), organizations face an increasingly stringent and more complex compliance landscape. In addition to the embarrassing public disclosures and the high costs of remediation, a privacy breach can distract IT staff from their business tasks by requiring them to constantly respond to auditors and regulators.

Eliminating Compliance Risks with Managed Secure USB Drives

USB flash drives pose a unique compliance risk. Their small size makes them easy to conceal and easy to lose. The best way to mitigate this risk is by ensuring all data stored on your organization’s flash drives is encrypted. In fact, many privacy laws now either mandate encryption or provide “safe harbor” if data on a device was encrypted at the time it was lost or stolen. You cannot achieve compliance without management, which includes the ability to:

  • Know to which employee the drive was issued
  • Know when and where that person used it
  • Prove the device has not been accessed in the event it is lost or stolen

IronKey addresses compliance needs with an enterprise-class solution for protecting mobile data that combines secure hardware-encrypted flash drives with central management software.

Always-on Encryption

IronKey Enterprise devices encrypt data in hardware whenever the user transfers files onto the drive. The user cannot turn off encryption or circumvent it in any way. This “always-on” encryption not only ensures that an organization’s critical data is always protected but also makes compliance with PCI and state and federal regulations virtually automatic. No software or drivers need to be installed–your users can use IronKey devices on Mac, Linux, and Windows computers–even on their home computers–and your organization’s critical data is always protected.

The IronKey Cryptochip protects data stored on IronKey drives with AES 256-bit hardware encryption. IronKey drives are the first to meet the U.S. government’s strict FIPS 140-2 Level 3 criteria for cryptographic technology. The result is the strongest mobile data protection available.

Central Management and Secure Device Recovery

In addition to central management software that includes audit trails and other capabilities necessary for compliance, IronKey Enterprise provides Secure Device Recovery. This function allows administrators to recover the contents of a drive if the end-user loses the drive, or leaves the company with it, thereby helping to maintain and prove custody of data stored on a drive. There are no back doors to this device recovery system. The central IronKey management server also allows you to revoke Admin status if the administrator leaves the company.

Authentication

Strong Authentication and Single Sign-on

Many organizations require a method to prove that network users are who they say they are. A number of solutions are available to authenticate users before they can log-on to the corporate or agency network, and these typically require the user to carry a smartcard or token with them. IronKey drives comprise a revolutionary platform for strong authentication, providing the capability to combine strong encryption of mobile data with strong two-factor authentication–in a single device.

Password Management and Single Sign-on

IronKey devices can be configured to allow users to store and manage all their network login credentials using the onboard identity manager. This advanced capability provides many of the benefits of Single Sign-On, without requiring modifications to enterprise systems.

Consolidate Encryption and Authentication in a Single Device

IronKey works with leading authentication technology providers to deliver pre-integrated solutions. These include CRYPTOCard one-time password technology, as well as the capability to generate RSA SecurID and VeriSign One-Time Passwords. IronKey Enterprise devices can hold up to 50 RSA tokens.

Onboard Digital Certificate

Each IronKey Enterprise device includes an onboard digital certificate and PKCS #11 interface that enable rapid deployment of strong authentication for online enterprise applications.

Anti-Malware

Self-Defending Flash Drives with Active Anti-Malware

Many organizations must weigh the significant productivity benefits gained by the use of USB flash devices with the risks they can bring. Conventional USB flash drives and memory sticks provide a pathway into the organization for various types of malicious code. Unlike these unprotected devices, IronKey Enterprise drives are intelligent self-defending storage devices with active malware defenses, strong, two-factor authentication (onboard certificate in hardware), onboard security co-processors, and onboard anti-virus scanning software. They are also capable of remote management, allowing IronKey to provide automated security and anti-malware updates over the Internet or corporate network—with the absolute security provided by authentication in hardware. This allows IronKey devices to provide your mobile workers with a high level of malware and crimeware protection.

IronKey has worked closely with the U.S. Department of Homeland Security Science & Technology Directorate to research the next generation of malware and crimeware defense technologies. These include:

  • Anti-Worm Secure AutoRun Protection — Prevents AutoRun malware such as the Conficker worm from infecting IronKey devices and corporate networks
  • Write Protection — A Read-Only mode stops malware from jumping onto an IronKey device from an untrusted PC
  • Policy-based Controls to Restrict IronKey Usage to Trusted Networks — Policy-based controls allow administrators to restrict which networks employees can use their IronKey Enterprise devices on
  • Anti-Virus Scanning — IronKey has launched an industry-leading service for delivering anti-virus scanning updates to detect and remove a broad spectrum of malware from being copied onto or off IronKey drives
  • Secure Manufacturing Processes — IronKey manages a secure supply chain, ensuring that devices cannot be infected during the manufacturing process. IronKey devices are designed and assembled in the USA

Virtualisation

IronKey Desktop Virtualization Solutions

From allowing employees to work at home on their own PCs to providing continuity of operations in the event of a disaster, portable virtual desktops offer a number of advantages over fully loaded conventional PC desktops. IronKey enables you to securely deliver a range of virtual solutions—from virtualized applications to complete virtual work environments on USB flash drives.

IronKey offers customers the choice of high-performance, high-reliability drives that employ superior NAND flash memory. These devices comprise an ideal platform for securely deploying virtual desktops, which can strain conventional consumer-grade flash memory because they continuously read and write to the host. IronKey hardware encryption is also much faster than software encryption, helping to make the virtual desktop experience transparent to end-users.

Deploying virtual desktops on secure IronKey Enterprise drives means your employees can carry their working environment with them and use it securely anywhere they go. This preserves your organization’s investment in PCs while making it possible to safely leverage employee-owned machines—or even untrusted machines in the field. It also provides a more secure mobile computing platform than laptop PCs, which, if encrypted at all, are typically protected with software-based encryption.

Managed and Secure Portable Virtual Desktops

IronKey gives virtualization new levels of security and mobility by enabling organizations to securely deliver complete desktop environments on ultra-secure, remotely managed USB flash drives. IronKey supports a continuum of portable client virtualization solutions—ranging from portable applications, to virtual desktops and bootable USB flash drives, which make it possible to run Windows or Linux from an IronKey drive.

The IronKey virtualization solution allows end users to access a personalized desktop—complete with applications and data—without jeopardizing the security of corporate or agency data. All applications, data and user preferences are protected within the security of the hardware-encrypted IronKey intelligent flash drive. Users launch applications directly from within this security shell. The IronKey drive also provides onboard anti-malware protections to protect data against theft by crimeware, and prevent the spread of malware to enterprise networks.

Unlike conventional virtual desktop infrastructures, which must read and write data from a centralized server over a network connection, users can access this self-contained work environment from any location—with or without a network connection. By eliminating the need to communicate over the network, the IronKey solution also provides improved performance for a transparent user experience.

Highly Reliable Platform for Portable Virtual Desktops

Virtual desktops do not perform well on conventional consumer-grade flash drives. The need to continuously read and write to the host slows performance and wears out regular flash memory. IronKey offers customers the choice of high-performance, high-reliability drives that employ superior NAND flash memory. IronKey hardware encryption is also much faster than software encryption, helping to make the virtual desktop experience transparent to end-users.

Additionally, because IronKey drives are intelligent, remotely managed, and contain hardware-based strong authentication capabilities, you can authenticate both users and their IronKey devices before allowing them to access your network.