Has SanDisk Solved USB Device Security?

The convenience of tiny Flash drives is also their downfall when it comes
to IT security.

The hugely popular tiny Flash devices, also called “thumb” and “keychain” drives, provide an easy way to move files from desktop to notebook computer and
transport files and data in your pocket. But that ease-of-use can be a
nightmare for IT departments that worry about any non-authorized software that
might be introduced to their networks by the Flash drives, as well as what sensitive corporate information might be removed.

SanDisk would like to change all that with TrustWatch, an integrated suite of applications that works only with SanDisk Flash drives introduced this week at the RSA security conference.

In some cases, government agencies and corporations have had the USB
ports glued shut to prevent USB devices from being attached.

TrustWatch is built around a secure network appliance and a management console designed
to let IT administrators easily configure and deploy secured USB Flash
drives (UFDs). The system also prevents information from being copied to
unapproved devices.

“Sandisk believes USB Flash drives have their place and can change from
being a threat to IT to being a competitive device that makes employees more
productive,” Ron LaPedis product marketing manager at SanDisk,” told
. “But they need to be managed.”

The system’s centralized management gives road warriors more
flexible access to their data and applications. In some cases, the UFD
might suffice rather than a notebook computer.

SanDisk said a
TrustWatch UFD can be used on a borrowed PC without leaving any trace of
its activity on that PC. If the UFDs are lost or stolen, their data can be
remotely destroyed. Built-in e-mail software syncs with Microsoft Outlook
folders and has Outlook’s look and feel to manage e-mail while on the road.

“Basically, it’s a thin client with a secure log-in,” said LaPedis.
“Every time it’s plugged in it talks to the management server.”

TrustWatch also performs a security check. When a TrustWatch UFD is plugged in, the software runs a spyware scan to make sure no keyloggers are in memory.
File vault storage includes AES  256-bit encryption for
security.

Analyst Roger Kay applauds the security effort SanDisk is making, but
would rather see a standards-based approach that works with other hardware.

“I’m here at the RSA Conference, which is full of companies offering
solutions from a narrow perspective,” Kay told internetnews.com. He noted the efforts of the non-profit Trusted Computing
Group
to promote open, vendor-neutral security standards.

SanDisk is the primary mover behind the U3 platform for application interoperability between Flash drives. LaPedis
notes the comprehensive nature of SanDisk’s solution and its immediate
availability. Though he also notes “We want to sell SanDisk drives.”

Other solutions address various aspects of the security issue. For
example, SmartLine introduced DeviceLock v6.1 at RSA, end-point security
software designed to prevent employees from using their corporate and
personal computing resources to siphon off valued information outside the
guidelines of IT security policy.

DeviceLock controls and audits activity at all peripheral ports and
removable device interfaces on Windows-based computers natively via Active
Directory Group Policy Objects (GPO) and/or DeviceLock management consoles.

The company said administrators gain precision control over which users and
groups have what level of access to which devices on which computers and
when that access is allowed. Prices begin at $35 for a single-computer
license, or $7,400 for managing 1,000 computers.

SanDisk TrustWatch drives are available now in 1 gigabyte to 8 gigabyte
capacities. The TrustWatch security system is $89.95 per seat starting at
100 seats. The software is browser based and doesn’t require a native client,
so it can be managed from anywhere there is access to a browser.

LaPedis said TrustWatch has been in pilot testing by two banking
customers for several months. IT administrators have a number of options in
setting up access and policy rules. For example, the system could report on
all activities including when the drives are used at home. There could be an
alert issued if home use is not allowed.

News Around the Web