Secure USB drives in the enterprise

[stickinrock]

My company is looking for secure USB drive to use in the enterprise. It needs to be encrypted, but PC independent. I found some devices out there that work with PC software which limits the end user to PCs with that software installed. Any reviews or ideas would be great.

 

[Kaldor]

If Im not mistaken you can use Truecrypt on a USB drive. Probably the easiest solution and its free. I use it on my laptop instead of a system PW. Its kind of like a big fat ef you if any steals my stuff.

 

[Ignatowski]

take a look at www.ironkey.com.

they arent cheap but you used the word enterprise.

 

[stickinrock]

If Im not mistaken you can use Truecrypt on a USB drive. Probably the easiest solution and its free. I use it on my laptop instead of a system PW. Its kind of like a big fat ef you if any steals my stuff.

Thanks Kaldor for the info. I took a look at Truecrypt and although it is the right price this will be for non-tech savvy end users. I think it might be a bit complicated for them. I also need something I can centrally control.

 

[stickinrock]

take a look at www.ironkey.com.

they arent cheap but you used the word enterprise.

Thanks for the reply Ignatowski. I think IronKey might be the best solution because I am talking about an enterprise and will be looking at 100+ users that I will have to manage their encrypted USB devices.

 

[Kaldor]

In this situation do you really need a central control? I could understand if it was a bootable device like a laptop where you may need to do in the field recoveries. However all you really need for this is a list of PWs stored on a spreadsheet on a server with access given to only certain individuals. Not a difficult concept really. You need to look closer at Truecrypts features. It makes most so-called "enterprise" solutions look like trash.

Ironkeys are nice, but an 8gb key for $269 a piece. Give me a break. I doubt if your company is storing national security on your USB drives, lol. You could buy a 10 decent 8gb drives for the price of one Ironkey, put Truecrypt on them for free other than your time, and be further ahead. Not to mention every time a knucklehead loses one of these you dont have to justify losing an almost $300 flash drive to your boss.

As far "non-tech savvy end users" go. There is nothing for them to know really. You put the drive in and enter PW. Not really that hard. I work for the State of WI doing level 1 and 2 tech support. I know first hand how stupid a user can be.

 

[stickinrock]

In this situation do you really need a central control? I could understand if it was a bootable device like a laptop where you may need to do in the field recoveries. However all you really need for this is a list of PWs stored on a spreadsheet on a server with access given to only certain individuals. Not a difficult concept really. You need to look closer at Truecrypts features. It makes most so-called "enterprise" solutions look like trash.

Ironkeys are nice, but an 8gb key for $269 a piece. Give me a break. I doubt if your company is storing national security on your USB drives, lol. You could buy a 10 decent 8gb drives for the price of one Ironkey, put Truecrypt on them for free other than your time, and be further ahead. Not to mention every time a knucklehead loses one of these you dont have to justify losing an almost $300 flash drive to your boss.

As far "non-tech savvy end users" go. There is nothing for them to know really. You put the drive in and enter PW. Not really that hard. I work for the State of WI doing level 1 and 2 tech support. I know first hand how stupid a user can be.

That's a valid point, however, I noticed one thing about the TrueCrypt feature that would cause a problem. Here is the problem quoted from the TrueCrypt website. "In Windows, a user who does not have administrator privileges can use TrueCrypt, but only after a system administrator installs TrueCrypt on the system. The reason for that is that TrueCrypt needs a device driver to provide transparent on-the-fly encryption/decryption, and users without administrator privileges cannot install/start device drivers in Windows." http://www.truecrypt.org/docs/?s=administrator-privileges

Many of my users will be taking company data to customer sites for presentation, business meeting, etc.. The admin privileges would be a major complication to that situation.

Also, I am talking about ITAR regulated data. This is not "Top Secret" information but we do need to comply with the US governments ITAR regulations. That is why I need central control of the USB device.

Don't get me wrong. TrueCrypt is an assume product and believe me the price is right, but until they can fix the admin privileges issue I don't think it would work for my company. I will use it for my personal stuff though so thanks for the tip.

 

[Kaldor]

Yeah, the whole admin rights thing is a pain. Eventually I think they will make it run anywhere. Its is open source after all. There are a few other solutions though that dont require admin priv's. The biggest issue with enterprise is as soon as you stamp the word "enterprise" on it the price just went up 500%.