Secure USB Drive

Missing or stolen USB flash drives have had a great deal of attention over the past two years.  But bigger drives can go astray too, and when they do, it can mean a truly massive data loss.

It was announced yesterday that a hard drive has been reported missing from the US National Archives, containing over 1 terabyte of sensitive data from the time of President Clinton’s administration.  Data includes the personal information of White House staff and visitors, logs of events, social gatherings, political records and more.

The drive was apparently stored in an unsecured work area, where National Archives employees were digitising information from the Clinton administration.  It’s estimated that over 100 staff had access to the area during the time period when the loss happened.  The FBI is now conducting a criminal investigation.

Mandatory hardware encryption – like that featured on our Cruzer Enterprise range of secure USB flash drives would have nullified the threat of such a loss.  As the old saying goes, the bigger they are, they harder they fall.  That applies to drive storage, too.

The results from a recent international security survey showed that a majority of small & medium businesses (SMBs) felt they lacked basic security measures to protect their sensitive business data.

The top three security concerns stated by SMBs were viruses, data breaches, and loss of confidential or proprietary information through USB and other devices.

Yet one of the key findings was the low take-up of endpoint security of any kind, with well over half (56%) of the SMBs surveyed saying they had no endpoint protection deployed.  Two of the key reasons stated for this low level of uptake were lack of budget (41%) and employee skills (40%).

However, there’s no need to spend big money, or deploy large-scale solutions to secure against data loss or leaks via USB.  Secure USB flash drives enable staff to enjoy the portability and convenience of USB without the risks, by automatically securing data copied to them. 

What’s more, these drives can add additional security features, such as anti-malware capability while being easy to use, as this review shows.

With security, it’s often the small things that count.

Torbay Care Trust, an integrated community health and adult social care organisation in the South West of England, has chosen our Cruzer Enterprise secure USB flash drives to help protect mobile data stored on the drives from unauthorized access.

The organisation has purchased and rolled out 1000 Cruzer Enterprise flash drives. The drives will be issued to and used by all staff members, in particular those employees working remotely or transferring data between sites.
 
“We decided to deploy an encrypted USB solution across the Trust as data security breaches have become a national concern,” said Sue Fankhauser, IT buyer for Torbay Care Trust. “Our IT department felt that it was necessary to employ a best-practice solution to protect data against any potential threats and to reassure the public that patient data is secured. After evaluating numerous encrypted flash drives, we chose the Cruzer Enterprise flash drive because it met all of our security requirements.
 
“We also asked SanDisk to send us the USBs without any unnecessary packaging - which they were more than happy to do. As well as being environmentally friendly, this produced no waste at our end, helping to support our eco-friendly policies.”
 
Recent data security breaches within other Government organisations have led to calls for greater data security with transportable media devices, such as data sticks, and by deploying the SanDisk drive, Torbay Care Trust feels it is setting the standard for others to follow.

With Windows 7 now being available to download, many users will be exploring and experimenting with its new features. 

One of these that’s been getting a lot of interest online is the built-in ability to encrypt removable storage devices, such as existing USB thumb drives.  While it’s good to see an operating system with integrated security features, it’s worth looking at the details of exactly how secure the method is.

While this software encryption does offer reasonable protection for data – and is certainly better than no encryption at all – it can still leave data vulnerable.  The software-based encryption used in the article is not “always on” as part of the device specifications – so the user has to remember to actively encrypt data.  Unlike the hardware encryption on our Cruzer Enterprise range of secure USB drives.

Second, hardware-based encryption does not require any type of driver or software installation on the host PC.  This keeps the encryption independent of the PC without leaving behind software footprints. 

So if you’re going to remember to encrypt every piece of sensitive information you carry on a pen drive, the Windows 7 approach is fine – but you shouldn’t rely on it for every user in an organisation.

After several years when the malware threat was steadily diminishing, the latest quarterly threat report from our anti-virus partner McAfee shows that it’s on the rise again. 

Zombie computers, which are controlled remotely by spam botnets, grew by about 12 million PCs in the first quarter - a 50% increase since the last quarter of 2008, McAfee said.  This also exceeds the previous record by 1 million.

And while the much-discussed Conficker worm has yet to reveal a malicious payload or real threat following its rapid spread earlier this year, it is a sign of things to come, said the report.  AutoRun-based malware, which can use USB drives to spread to new PCs, was seen in far greater numbers than Conficker in Q1 2009 this quarter.

So it’s wise to use secure USB drives like our Cruzer Enterprise, that features onboard, integrated anti-virus scanning, to stop Auto-run malware spreading this way.

Wouldn’t it be great if we could just flick a switch, and all sensitive data would be fully secured against loss or theft?  Unfortunately, it’s never that easy, as this article points out. 

It looks at four recent, high-profile data losses from UK public sector organisations, and asks how many times do significant data losses have to occur before both private- and public-sector organisations deploy data encryption. 

That’s a very good question.  It’s also a reminder that if security is a race, it’s not a sprint, but a marathon.  It’s a case of gradually extending security, to close the points of weakness and loopholes within organisations. 

Solutions like our Cruzer Enterprise secure USB drives make it easy for organisations to secure data on the move, without adding complexity – making them a significant milestone in the long run towards total security.

Earlier this week, another UK Health Service body suffered a data breach when a member of staff lost an unencrypted pen drive.  The drive contained the details and medical records of thousands of patients, including patients’ names, addresses, dates of birth, hospital and national insurance numbers and details of their medical treatment.
 
The data had been downloaded against data handling regulations, and has not been found as yet, forcing the organisation to make a public apology and write to all the patients whose details have been lost. 

This is in contrast to a similar UK health organisation which deployed SanDisk’s secure USB flash drives to all its key staff, to secure mobile data and protect against just this type of breach.  By using the Cruzer Enterprise drives, data is encrypted without the user being able to tamper with the process, and without affecting drive performance or usage.  This makes it a win-win both for the organisation and for the users.  An altogether healthier approach to security.