News Stay informed about the latest enterprise technology news and product updates.

Hardware flash drive secures Windows passwords

This little silver flash drive manages Windows passwords and self-destructs after 10 login attempts.

It may look like something out of a spy movie, but a hardware-encrypted USB flash drive that was introduced earlier this summer was created with Windows administrators in mind.

The IronKey Secure Flash Drive with Internet Protection Services, developed by Los Altos, Calif.-based IronKey Inc. and released in late July, is packaged in a shiny silver case and offers a self-destruct feature.

More stories on hardware security devices
Loaded USB stick helps fend off hacker attacks

Plugging Windows security holes? Hold the glue

But putting the James Bond ambiance aside, the device does tackle three serious challenges that vex IT managers: the need to manage the proliferation of all sorts of USB devices in the workplace, the need to securely manage and store multiple passwords, and the ability to give mobile workers a secure connection to the Web.

The potential harm that could come from end users introducing USB devices into the workplace has led many IT managers to ban them entirely. Too often they could be used to steal or compromise corporate data or could introduce a virus or other threat into the company's networks. Also, if those devices are lost or stolen, they can be mined for data and passwords.

And with hackers constantly focusing on ways to steal passwords, managing and protecting multiple passwords continues to be an issue. Many IT managers juggle up to 200 different passwords for a variety of systems and applications as part of their jobs, and managing them efficiently is an ongoing battle. IronKey's Secure Flash Drive lets them keep numerous passwords close at hand in a small, secure device.

IronKey is a startup, launched in 2005. Its founder and CEO, David Jevans, is currently the chairman of the Anti-Phishing Working Group, a global, standards group led by major computer industry vendors that are working to reduce online fraud and crime.

The device uses Advanced Encryption Standard (AES), which is a standard adopted by the U.S. government. It has password management features as well and portable secure Web browsing. Jevans said hardware encryption was chosen because it is very hard to trick hardware into giving up data; while, of course, new ways are constantly developed to hack software.

The hardware inside the device is sealed in an epoxy,
so even if the device is taken apart, it can't be accessed.

David Jevans,
IronKey CEO,

There are password protection products, but they are software programs that are installed on a company's computer systems. But in IronKey's case, everything is either loaded in IronKey's device or possibly stored in one of the company's secure servers if a customer chooses to do it that way as a backup. There is no software to install on the customer's systems.

The device's onboard Firefox Web browser also makes Web surfing private and secure through an encrypted tunnel on the Internet to IronKey's network routing servers. Those servers run open source technology enabling anonymous communications on the Web.

Jevans said IronKey has received inquiries from companies about equipping salespeople in the field with the devices, which would give them secure data and Web access. The device comes in three sizes: 1 GB, 2 GB and 4 GB. The first version is available for Windows shops, and subsequent versions will be available for Linux and Apple Macintosh platforms, Jevans said.

Secure Flash Drive with Internet Protection Services also has what IronKey calls a "self-destruct mechanism" that overwrites the data on the device after 10 login attempts, Jevans said. The hardware inside the device is sealed in an epoxy so even if the device is taken apart, it can't be accessed, he said.

At least one IT manager thinks the device could be very useful in certain situations, but its benefits may not be enough to overcome concerns about using USB devices in the workplace. Jeff Jenkins, vice president of information security governance and compliance at First American Corp., a financial services company based in Santa Ana, Calif., said the device would be great in certain situations, particularly where executives or IT managers carry disaster recovery and emergency preparedness plans with them as well as multiple passwords.

Dig Deeper on Enterprise infrastructure management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.