IRONKEY: REMOTELY MANAGED
Each IronKey Enterprise drive has the built-in capability to be managed centrally and remotely by policies that define how the drive is configured and how it can be used. IronKey management makes it possible to deploy large numbers of devices in a consistent and controlled fashion.
Centralised and Remote
Each time an IronKey Enterprise device is unlocked it will load a set of policies from a resident file in a protected area of the drive. The policy file is updated during each use through the host PC’s network connection, assuming the network is available. Thus an organisation can define, distribute and update policies for IronKey drives even if the drives are already deployed in the field.
Customisable, Policy-based Controls
The IronKey Enterprise solution allows an organisation to define and enforce role-based policy rules for how drives are configured, determining whether users have access privileges to an IronKey drive, and to specify what authorised users are allowed or required to do or are restricted from doing. IronKey policies include settings for:
Assigning Entitlements for both administrators and end users including a requirement for second approval of new admin accounts
Enforcing Security Policies that cover requirements such as password strength, malware scanning frequency and inactivity timeouts
Configuring Device Software Policies that control which of the applications that come bundled with IronKey drives are enabled for which group of users
Setting Rules for restricting access to IronKey devices if network connectivity is unavailable or the network is not trusted
Your organisation can have an unlimited number of policies. Every time an existing policy is modified, a new version of that policy is created (e.g., Policy 2.001, Policy 2.002). All changes in the administrative console will be archived, and an easy-to-use dashboard shows who made what changes, when they were made, and which user accounts were affected.
Silver Bullet Services
IronKey Silver Bullet Service provides a simple and effective method of remotely over-riding a user’s device policy in the event their status or the status of the device changes. For example, if an employee is terminated from the organisation, their device policy can be temporarily disabled until it is returned. In the event the device is lost or stolen it can be sent a self-destruct sequence, which will perform a complete erase of the data and the device keys.
Lifecycle Management, Tracking and Reporting
The IronKey Enterprise Remote Management service streamlines the process of provisioning devices for large groups of users and even provides capabilities for device recovery if employees lose passwords. IronKey Management also allows for re-provisioning devices to new users in the event of employee transfers and/or departures.
The IronKey Management Console provides a dashboard that makes it easy to view summary graphs and reports about user activity or administrator activity, as well as status reports about deployed devices.
Antivirus Scanning Service
In addition to onboard active anti-malware defences, IronKey Enterprise drives offer an onboard malware/AV scanning engine (as a policy-controlled option), which will scan each file on the drive every time the drive is unlocked, or at a policy-scheduled interval.
Surfing the Web Safely
For organisations with mobile users who sometimes access the Internet at public wireless locations such as airports, hotels and coffee shops, the IronKey Secure Sessions Service provides a Trusted DNS source and an infrastructure managed by IronKey that will safely route the user to their intended destination website. The Secure Sessions Service prevents against man-in-the-middle attacks by rogue wireless access points while also checking to make sure that the eventual destination is not a known phishing site.
Enhanced Authentication
Beyond simply protecting the privacy of users’ data, an IronKey drive can also play a dual role as a strong, two-factor authentication device for One-Time Password or client-side x.509 Digital Certificate Authentication.
Through policy controlled applications, IronKey devices can be configured with any of the following:
An Identity Manager application that can serve as an alternative to Single Sign-on by securely managing multiple accounts and passwords on the device
A RSA SecurID or CRYPTOCard Soft Token on the drive
A customized version of Mozilla Firefox that will provide mutual authentication to an appropriately configured website