Archive for the Data Security Category

USB Encryption Methods

14. November 2008 by David Peterson.

USB encryption methods are going to be a hot topic over the next few years. Today the most advanced encryption readily available is AES256. AES256 is the current standard of cryptographic algorithm used by the U.S. Government. This encryption can be applied to USB flash drives.

 

There are several companies currently offering some form of encryption for your USB flash memory device. These encryption methods can be quite complicated. Before deciding on purchasing one you have to ask… What will I be encrypting?

 

Here are some of the many choices:

  • I want to encrypt the data that is on my USB device just in case I lose it.
  • I don’t want people to know where I have been surfing.
  • I don’t want my identity exposed.
  • I don’t want my passwords stored on the device.
  • I want my passwords encrypted.
  • I don’t want to enter passwords every time.
  • I need my email encrypted.
  • I don’t want encryption I just want the drive password protected.
  • I need simplicity.
  • I need it to work every time it is plugged into the port.

You can see from the choices above that there is a lot to encrypting data. As an example if you have super sensitive information stored on the drive then do you really want your passwords stored on the same drive? If you lose it and the right person picks it up then they may be able to use “brute force” password guessing software to retrieve the data off the drive.

 

Here are two products that offer AES256 encryption. They do it in two totally different ways. One e-Capsule uses software that you load on the drive and the other IronKey uses the drive like a piece of hardware.

 

Software encryption:

e-Capsule™ Private Safe USB-U3 (Starts at around $35/unit)

 

Hardware encryption:

Ironkey.com (Starts at around $79/unit)

 

Which is best for you? It depends, you may want every security option available but in the end you may not have the expertise to make the device work efficiently for your tasks. Look at it this way - if the USB flash memory becomes a pain for your employees they will probably stop using it.

Posted in Data Security | No Comments »

USB Data Security – Rules and Procedures

10. November 2008 by David Peterson.

I have been thinking about this subject for sometime. Last spring and again in this past summer I have read several accounts of USB drives own by the military being stolen by foreign base workers and then being sold in the bazaars of Afghanistan. I wonder how many of these military drives my company produced over the years.

 

My company sells no less than 50 units of these USB flash memory drives to every customer. Sometimes we produce 1,000s of units for one customer. That’s just our company - the point is there are millions of these USB flash memory devices in the field. All of them very small, easily stolen, easily lost, misplaced, or just plain forgotten.

 

What type of data is on all of these drives? Is there customer information, corporate information, personnel records, payroll information, technical specification, credit card numbers, military matters? 

 

Who is responsible if the drives are lost or stolen? If you are reading this then – probably you! These drives are so small yet they can hold gigabytes of data. What keeps a malicious employee from downloading gigabytes of data and just walking out of your corporation’s front door?

 

How can you protect your company and your customers?

 

There are some incredibly sophisticated data encryption methods that you can apply to the drives. I will touch on these in future posts. Most may be a bit impractical for the average user since desktops computers and technologies in general change constantly. However that doesn’t mean you shouldn’t set up certain corporate governing rules when dealing with these devices.

 

Here are some simple steps to protect your company and your data:

  1. Establish corporate portable data storage rules and procedures immediately.

  2. Issue everyone that uses a computer a USB Flash Drive with your corporate logo imprinted on the device.

  3. Have your USB flash Drives serialized so you can keep track of who owns which drive.

  4. Do not under any circumstances let unauthorized data drives into your work location. This includes employee’s personal laptops.

  5. Use either lanyards so the drives are visible or use the Credit Card Memory® style of drives that fit into men’s and women’s wallets so they will not be lost.

  6. Establish corrective action proceeds for employees that do not follow data storage rules.

  7. Have a collection point for all old, bad, or unused drives. These drives need to be destroyed.

  8. Inspect what you expect! Do routine audits of corporate material on the flash drives.

USB Flash Drives are becoming faster and will soon be capable of holding terabytes of information. Your company needs to get ahead of this portable data storage problem. 

 

Look at it this way – I bet you have a shedder company that picks up your discarded paper documentation to be destroyed and recycled but you let gigabytes of data walk out your front door everyday. Set up your portable data storage rules and procedures today. 

Posted in Data Security | No Comments »

|