Both Kingston Technologies and IronKey this week announced new models of their USB flash drives, as well as a security certification that clears them for use by US and Canadian government agencies in accordance with the Federal Information Processing Standard 140-2 Level 2.
Kingston announced its new DataTraveler BlackBox USB drive, which uses 256-bit hardware-based AES encryption. IronKey announced an enterprise-class version of its drive, which uses 128-bit hardware-based AES encryption.
Neither 256-bit nor 128-bit AES encryption methods have been broken, nor will they likely be any time soon, experts say.
IronKey's enterprise drive allows central password management and allows admins to define what software runs on the drives, password strength, as well as how many failed log-ins occur before users are permanently locked out of devices. Admins can also control whether end users can perform their own password recovery through authentication questions, which Jevans said is useful for non-technical employees who use flash drive infrequently.
Charles Kolodgy, research director for secure content and threat management products at IDC, said FIPS 140-2 reviews ensure device designs and encryption methods have been performed correctly. "That's the first step ... to validate that the encryption works as advertised," he said.
FIPS (Federal Information Processing Standard) was developed by the US National Institute of Standards and Technology for use by government agencies and their government contractors, but not necessarily by the military, which often requires even higher security standards.
Security technologist and author Bruce Schneier, however, sees security certifications as nothing more than appearances, saying that security is a "lemons" market and the only way you can really guarantee your data will be safe on any given device is by shelling out thousands of dollars for an engineering study.
"It's all about signals, and certifications is one way a seller signals to a buyer that his products are good," Schneier said. "It has nothing to do with whether or not the certification is a good idea or not; it's all about marketing."
Dave Jevans, CEO of IronKey, said getting the IronKey drive FIPS certified took about eight months and required visits by government evaluators who tested the product.
"Effectively, they validate that your encryption algorithms are correct. Then they validate more complicated things like your overall system design," he said.
AES is the successor to the older DES (Data Encryption Standard) and is used by the US government for encrypting secret-level and top-secret-level documents, using the 128-bit and 256-bit strengths respectively.
Both drives use hardware-based encryption, which Kolodgy has said is more secure because in software-based encryption, the keys are placed in the device's memory, so a hacker will know where to look for the keys by their unique format and can target those keys for a brute-force attack.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
FrontRange Solutions launches HEAT Plus Mobile to reduce help desk costs and improve service management productivity 2008-12-02 15:15:00+11
AARNet Helps to Advance Indigenous Health 2008-12-02 12:44:00+11
Orbis selects Telstra International as its data centre partner for the UK, Europe and Middle East Region 2008-12-02 11:23:00+11
ComOps Deploys Corporate Performance Reporting Solution For Healthcare Test Manufacturer 2008-12-02 10:09:00+11
Mornington Peninsula Shire implements Objective to manage knowledge and deliver service excellence 2008-12-02 09:56:00+11
Strategies for Eliminating .PST Files
Join industry expert Martin Tuip to discover best practice strategy for the archival and removal of .PST files using email archiving. Learn how to ensure long-term email records are there when needed, and reduce the risk to your business and clients.
Buying Guides
Latest Products
Buying Guides
