This article can also be found in the Premium Editorial Download "Information Security magazine: How to be successful with your security steering committee."
One of GoldKey's unique features is the ability to use group encryption keys as well as personal encryption keys. A virtual disk may be encrypted by one member of a team, with full access by other members in the same group. GoldKey provides a basic tool that makes managing groups and group memberships easy.
GoldKey also supports master and grand master keys, as well as the ability to duplicate tokens. Together, these tools help eliminate one of the greatest fears of encrypted data: permanently losing the key. While GoldKey's mechanisms won't scale up to a Global 100 enterprise and don't integrate with the corporate directory, they are easy to use and simple enough for fairly large deployments.
However, be aware that GoldKey doesn't add any online magic to its access controls. You can't remotely revoke someone's privileges to read or write a volume, and if someone loses an encrypted volume and token, and writes down the password to the token, whoever finds all three will have full access to the volume. GoldKey doesn't protect you against rogue employees, just forgetful ones.
While testing GoldKey, we kept hoping it would do more than it does, but it doesn't. Features such as auto-lock of laptop and encrypted drives when the token is removed are present, but they can't be centrally controlled or locked. Other common features, such as automatic timeout to require reauthentication, aren't available. While you can email around GoldKey-encrypted volumes, there is no real integration with any application other than the file system.
While GoldKey is far from a do-everything desktop security solution, it handles the problem of key management for encrypted volumes very well.
Testing methodology: We used MacBook Pro and IBM ThinkPad X61 laptops to test the GoldKey USB key. We encrypted volumes and used them for day-to-day operations for a week. In addition, we used simple benchmark tools to compare performance of GoldKey USB, native O/S hard drive and native encrypted file systems.
This was first published in January 2009