IronKey Enterprise Edition USB Flash Drives with FIPS 140-2 Level 3 Validation
Coined as “The World’s most secure Flash Drive,” Ironkey’s USB flash drives have proven to be a hardy product ready for the real world in need for high security. IronKey has designed drives and a friendly user interface that are both really easy to use, manage, and most importantly, deploy. As we’ve seen as technology has progressed, USB drives have become more predominant in the work place. In some industries, security is key to protect operation protocols, sensitive materials, financial documents, and other data. In fact, non- secure USB drives ended up for sale in bazaars in Afghanistan, drives that had U.S. military information on them. Now think of the companies that are so protective that they would do anything to destroy data that got into the wrong hands. IronKey’s Silver Bullet service is the solution to remote data destruction, this and a few other features in IronKey’s service provisions offer extremely high levels of security in a drive designed and assembled here in the United States.
The drives I was able to review were the D2-S200-S02-4FIPS, which are the 2GB Enterprise version of IronKey’s flash drive product line. All of IronKey’s Basic, Personal, and Enterprise level flash drives all carry FIPS 140-2 Level 3 Validation, which provides high-speed 256-bit AES hardware-based military-grade encryption. Using IronKey’s Cryptochip hardware encryption is different from loading software encryption because all encryption and encryption keys are handled entirely on the drive itself, leaving no trace on the computer that the drive is being used on. Now there are a lot of features that IronKey offers with its drives and I’m going to try to go over many of them, some of which are Enterprise- level specific.
First, IronKey has used premium-quality components in assembling its drives– from the casing to the internal components– the drives have been designed to be waterproof and tamper-resistant, and premium flash chips that are designed to retain the integrity of data is standard. All of these high quality components have been used in the drives to extend the longevity of the drives themselves and the data that they are tasked to hold. It was explained in a product briefing that the drives themselves are able to protect the data stored on them when tampering is detected. Apart of the rugged and secure design, every IronKey is filled with a hardened epoxy that fills the space of the solid aluminum shell, which creates a physical strong box that prevents crushing, breaking into, and the removal of the chip board from the device itself. Even if the board is successfully removed, the Cryptographic chip has the built in capability to wipe all the data if it’s tested or probed in any way. The drive is also x-ray proof, protected by a thin-film metal shielding, for those who would go so far as to physically hacking their way into the flash drive.
The next feature is Enterprise-level only. The Administration and User Enterprise Dashboards are very easy to use, manage, and deploy in any business situation. The my.ironkey.com website is secure and very easy to use. From implementation to company wide deployment adding users, managing users and groups, is easy for system administrators and managers. Top-level system administrators can create custom administrators who then can manage departments of keys with everything from providing user and device assistance, viewing the admin console, to managing the encryption policies for their specific users. The Enterprise Dashboard is a very useful tool where administrators can view usage, device status, device activity, and even the location that drives are being used in, down to the IP address, service provider and approximate geographic location. This information can also be used to create IP block lists so that certain IP addresses can be blocked or a certain range enabled so that devices can only be used within a building or network. Another feature in the Enterprise Dashboard is the capability to deny, disable, and destroy devices remotely; this feature allows administrators to disable/wipe drives of employees that are no longer allowed access to the data stored on the drives.
Another feature available is the Silver Bullet service which allows for the destruction and blocked access of the drive remotely from anywhere on Earth. Now it has to be understood that the “detonation” of the drive is a permanent action and it cannot be reset once it has occurred, effectively it becomes a USB flash drive paperweight. Drives also indicate if they’ve been “detonated” because the normally green exterior status light will turn red and remain on whenever it’s plugged in. Silver Bullet uses a command that when sent, will tell the chips on the IronKey to self-destruct their data and block access to the drive. While companies will use this service sparingly it’s a highly useful feature for administrators who must protect their assets.
Enterprise drives also have the option of being loaded with on-board security software. Some of the on-board software includes RSA SecurID and CRYPTOCard, both of which generate either secure identity certificates or secure one-time password generation. Other software can also be included on Enterprise drives such as a portable version of Mozilla Firefox.
All IronKey drives include a secured mobile version of Mozilla Firefox. This version of Firefox is run directly off the drive itself and leaves no cookies, history, or other tracers behind and is completely encrypted. It’s also the version of Firefox launched to get to the online account when it’s selected from the IronKey menu. Using IronKey Secure Sessions triple encrypts all of your browsing data and uses secured DNS servers that provide protection against spoofed websites or other Internet traffic.
Active malware protection is yet another good feature and is a feature that is built-in to every version of the IronKey. The devices automatically scan and report if any malware was detected in the incoming data. This feature also protects corporate networks from becoming infected from exterior sources or spreading malware throughout the office.
Now while the devices themselves are enabled to work on multiple operating systems, Administrators need to be on a Windows-based computer. Administrators can then manage through the Dashboard password policies and criteria (length and characters required), creation of the IP block list, secret question requirements as well as other settings. Mac users and administrators can also use some features in the Dashboard but not all the on-board security software.
Adding new users is as easy as entering their name and email, selecting their access level and then sending the user their new IronKey. Administrators don’t have to set up keys for individuals nor do they have to interact directly with the individuals. Technical support can be provided over the Internet to users and keys, as well as password retrievals, access level upgrades/downgrades and all other aspects from disabling, wiping, and recovering lost passwords. Deleting users is just as easy. With a few clicks a drive can be disabled or wiped and the user associated with it deleted.
In the few weeks I was able to test a few of the IronKeys, learning and using the Enterprise Dashboard was quick and easy. I was able to set up accounts with different policies, test the deny and disable features from multiple that included behind university firewalls and from public wifi hotspots. I was also able to test the Silver Bullet Detonate feature, which worked very quickly to disable a certain device and wipe its contents and disable the device. Cross-platform testing also proved that the drives are ready for use in Linux, Windows, and Mac environments, although some features are limited in Mac environments.
There are multiple editions of IronKeys available. Both the Basic, and Personal level devices are available to the public from sizes 1GB all the way up to 32GB with starting prices at $79.00 USD. While the Basic and Personal levels will be sufficient for the individual looking to secure their data, they are also limited in some features that are only available with the Enterprise level devices. I had the chance of reviewing the Enterprise drives and the Enterprise Dashboard and I highly recommend the product for companies of any size that want to protect their data while it’s out in the public hands of their employees. For the everyday user who just wants a secure drive to store say banking records, financial statements, property deeds, and other digital information, then the Basic and Personal are the drive level for you. –Joshua Virata