John Breeden II is an award-winning journalist and reviewer with over 20 years of experience covering technology and government. He is currently the CEO of the Tech Writers Bureau, a group that creates technological thought leadership content for organizations of all sizes. Twitter: @LabGuys.
Having studied technology as it relates to government for almost 20 years, it’s always interesting to see not just how it changes, but also how government’s attitude toward different tools and technology evolves over the years.
A good example of this is email. When it first came out, it was practically banned from government facilities. Now, although email is tightly archived and protected, not very many agencies could function without it.
Another more recent example is key drives. It wasn’t too long ago key drives were only seen as a danger to the security of federal networks. I remember reporting on how some agencies were spraying epoxy into the USB ports of their computers to prevent their use.
Now, however, key drives can actually keep government agencies safe, and in some cases, safer than when feds use their desktops or laptops. I found this out when taking a look at the IronKey Workspace W700.
My intention with reviewing the product was actually to see if it might be an interesting way for agencies to try out Windows 10 to see if it would work well in their environment, but I found a really robust security tool that might be perfect for certain agencies, especially ones that rely on a lot of contractors and traveling employees.
On the surface, the IronKey Workspace W700 looks like a fairly standard 64G key drive. In reality, it’s actually a portable computer on a stick that can work with just about any system as long it has a working USB port.
When you insert the key drive and boot it up, a full version of the Windows 10 operating system comes up. Users can conduct their business like they normally would with any other Windows desktop, even saving their work. However, absolutely no trace of any files is left on the host computer. The desktop or laptop being used is only really providing a monitor and keyboard.
To test out how well it worked, I pulled a desktop system from my testbed that had been loaded up with spyware and even a very advanced keylogger. Booting to the W700 worked normally, and I performed several functions with the Windows 10 interface, including writing part of this column.
Once I shut down the key-based operating system, I went into the test computer to check all the data traps I had put in place. Not only were all the keylogger files empty, but also an advanced spyware program was not even able to report that the host system was used in the meantime. It was like I was a complete ghost on the system.
So, where could this technology prove most useful for government?
For starters, anyone that uses portable computers, such as those that sit in vehicles, could find a boon with the W700. It would allow that worker to plug in their drive and work with their known desktop and files regardless of the system specs or even the operating system on the host computer.
Also, those who travel to less than friendly countries where there is a real risk of having their equipment secretly examined by their hosts could carry any old laptop with them and not worry too much about what happens to it while they are away from their hotel rooms. They could simply use the W700 when they needed to work. The possibly compromised laptop could simply be bricked or wiped on their return.
It could also prove an advantage to agencies that would like to support telecommuting, giving employees or even contractors a working Windows 10-based computer without the pitfalls of having them use nonstandard gear.
When combined with either an on premise IronKey Enterprise Management Server or the cloud-based IronKey Enterprise Management Service, all IronKeys can be centrally managed and have security policies enforced. When using the slightly more advanced W700SC drive, you can even require CAC/PIV smart card authentication before the drive is allowed to be used.
Data at rest on the W700 is protected by XTS-AES 256-bit hardware encryption, one of the first portable drives to do so, and the drive itself, in addition to being mil-spec rugged, is secure up to FIPS 140-2 Level 3 standards, which goes above what is required by most federal agencies.
So, while the W700 might be a good way for agencies to roll out Windows 10 without fully committing to the new OS, it might find broader use as a security appliance to actually help protect federal workers and agencies. And keeping those USB ports working should save money on epoxy, too.