Last week I had the honor of presenting at SecureWorld'09 in Valley Forge, Pa. I thought the conference organizers did a great job in choosing the speakers and tracks. Topics covered included: Securing enterprise mobile devices; botnets; malware 2.0; computer evidence handing; and my favorite, how to perform a VoIP security audit.
After my presentation, I had the opportunity to walk around and talk to the conference exhibitors. One vendor, IronKey, caught my eye. (IT Business Edge's Paul Mah has been singing the praises of IronKey for some time now.) The company makes a secure flash drive unit that is just fantastic. According to Steve Gehris, IronKey's regional channel sales director, IronKey currently sells 1, 2, 4, and 8GB unit with a 16 GB unit to be released soon and a 32 GB later this year.
IronKey Enterprise allows an organization to manage devices remotely over the Internet through a management console. If a unit is lost, the digital certificate that allows the user to securely connect the device to their computer can be revoked. In addition, the data on the drive is AES Cipher-block chained encrypted. The encryption keys use a 128-bit DRNG and the PKI uses a 2048-bit RSA encryption method.
Drop the unit in water, no problem. The unit itself is water and tamper proof. Gehris also says that the drives can either be managed internally or hosted by IronKey. The drives are used by 100 of the Fortune 500 with Google, CocaCola and GE topping the list.
I personally don't like USB drives in the enterprise. I think the risk of losing them or someone stealing them is too great. However, with a device like IronKey now available, if an organization does have a need for USB drives, this is the unit you want to buy.