Published: 11 Feb 2009
IronKey Enterprise Secure Flash Drive
Price: From $79 to $299 for 1, 2, 4, and 8 GB devices
IronKey Enterprise Secure Flash Drives enable organizations to control access to sensitive information on portable flash drives. Administrators can deny access to a flash drive until it verifies status with a management server, disable access to the device entirely, or destroy the contents to counter loss and theft.
All IronKey Flash devices are waterproof, and feature tamper-proofing to foil chip extraction techniques, and limited access attempts before flash contents are destroyed.
Each device includes a high-speed, military grade crypto chip that operates in AES Cipher-block mode for data encryption, and that supports 2048-bit RSA keys for PKI and 256-bit SHA for hashing (complies with FIPS Validations 140-2 Level, 186-2, and 197). Each device is also assigned a unique digital certificate.
IronKey also provides a secure password store and does not permit encryption keys to be copied to other devices. The unit includes support for various portable applications, including a secure Web browser (based on Firefox), an identity manager with secure password storage online, and an encrypted backup utility. These drives work transparently with Windows XP, Vista, and Server 2003 and 2008.
What makes the enterprise edition so attractive is the setup process used to configure, issue and manage devices. The first step requires accessing secure IronKey servers to set up an administrator account and policies.
By default, the devices destroy their contents after 10 unsuccessful login attempts, but this is configurable. Password policies set minimum length and various strength criteria. Software policy lets administrators enable components that include a secure Firefox version, secure sessions, secure backup, identity manager, and integration with RSA SecurID. Users may also be allowed or denied use of the my.ironkey.com website for self-service password recovery.
A first use of the administrative key leads the trusted user to a secure Web page, where initial configuration is set up and stored. Subsequent logins at end-user and administrative levels lead to an enterprise-specific Web server operated by IronKey.
Generally, users are limited to password backup and recovery, while master administrators control the entire IronKey Enterprise environment to delegate authority to user administrators for routine tasks such as creating users, or disabling and re-enabling IronKey devices.
The console tools are well-built and reasonably easy to follow and use, although admins must work their way through a large number of screens and some activities can take a bit of time and learning.
Enterprise Effectiveness A
The real power of the IronKey Enterprise comes from its ability to set up and manage thousands of secure flash devices. Administrators can set and manage policy for all of the flash drives whose digital certificates originate from the management console, and enable or disable devices across the entire enterprise from that console.
IronKey's Silver Bullet Services provide multiple options that can limit access to data on drives that have been lost or stolen, or that may still be in possession of an employee that has been judged to represent some kind of threat. Administrators can deny access to specific devices, disable access to its contents, destroy the contents or reprovision devices to new users.
IronKey Enterprise is a powerful and effective way to establish and maintain control over mobile information assets.
Testing methodology: We attempted third-party access numerous times, without success, and wiped flash drive content as needed.
- Mobile Device Data Protection: Key Findings and Players in the Market –SearchSecurity.com
- CW+: Bloor Research - EU Compliance and Regulations for the IT Professional –ComputerWeekly.com