Encription for USB Drives

Networking/Security Forums -> General Security Discussion

Author: SystemAdmin PostPosted: Tue Mar 29, 2011 7:55 am    Post subject: Encription for USB Drives

We are looking for a best solution to implement encription on the USB drives we provide to our staff. There are many software available on the Internet which can be used for this purpose but I wanted to have an expert advice on going for a best method of encription and/or selecting a good (paid) software for this purpose.

Many thanks in advance for any help with this!

Author: AdamVLocation: Leeds, UK PostPosted: Tue Mar 29, 2011 10:45 am    Post subject:
What's the mix of OS in use on the clients?

Is this a domain environment?

(it may be worth using group policy to ensure that only compliant USB keys can be used, to make sure that the only drives that can be written to are encrypted, you may also want to restrict reading from drives to prevent people bringing in malware or unlicensed software that way)

How many users / USB sticks are you likely to be dealing with (more means you need better central control tools, fewer maybe means something a bit manual is required).

Do you need to worry about having a means of central (secure) recovery if users lose their decryption key / pin / password? Or do you only expect data on the sticks to be copies of things you already have and control within the corporate data centre?

Are you looking for a pure software solution or hardware (such as IronKey)?

Author: SystemAdmin PostPosted: Tue Mar 29, 2011 11:05 am    Post subject:
Thanks for the reply AdamV!

The OS is Windows (7 and XP).

Actually we are looking for a solution so that when staff loses their drives during travel etc then official data should not be accessible to the person who found lost drive(s).

We do not have any need to implement encription within our domain.

It would be very useful if you could give your advice for both software and hardware solutions.

Many thanks!

Author: AdamVLocation: Leeds, UK PostPosted: Tue Mar 29, 2011 2:52 pm    Post subject:
My point about controlling this through domain policies is that, for example, you can control your Windows 7 machines so that no-one can write to a USB thumb drive which has not been suitably encrypted (using "Bitlocker to go" as an option).

Encrypting company-supplied drives is all very well, but if users can also bring in their own cheap devices and copy data to these, they are still vulnerable.

Author: Dezaxa PostPosted: Thu Mar 31, 2011 4:19 pm    Post subject:
Adam makes an important point that you should consider. There are many encryption systems that will encrypt a USB device, but the result might be that each user will have a separate password for their device. This can mean
- more passwords to remember;
- if the user forgets the password, it cannot be recovered;
- if the user falls under a bus, nobody else can access their device;
- a malicious user might smuggle data out.

In a small company, you may be able to deal with these issues by using administrative controls, e.g. requiring every user to keep a record of their device password in a secure location. In a larger company, you may want to find a system that ties in with your directory service (e.g. ActiveDirectory), or that provides an enterprise management service.

As a starting point, Ironkey have a good reputation in this space, though you should definitely compare a few others.

Networking/Security Forums -> General Security Discussion

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group