CURRENT THREAT SCENARIO
Attacks are being increasingly launched against corporate and government data with alarming success in both network and teleworking scenarios. According to recent studies, most networks have a moderate-to-high exposure to these attacks because they have so many variants and takes time and effort to detect and eliminate. The risk of attacks may seem less pronounced in teleworking scenarios, but once malware is covertly installed on a worker’s PC, both traveling and home-based teleworking situations are equally at risk. The SPYRUS Secure Pocket Drive (SPD) was designed to mitigate these threats by allowing workers to carry an encrypted, secure, self-contained Microsoft Windows environment in their pocket. SPD boots on most any PC, creating a native, trusted environment. With an increasingly home-based and remote workforce, today's organizations understand the need for remote access but are wary of employees using untrusted home PCs and/or other systems that are off the enterprise network. Not only does SPD create a trusted software environment, the security components in the SPYRUS Secure Pocket Drive are designed, engineered, and manufactured in the USA to create a trusted hardware environment as well. For government agencies, The Telework Enhancement Act of 2010 (H.R. 1722) mandates that 20 percent of the hours worked during every two administrative workweeks be telework. SPD helps public sector customers to meet telework and continuity of operations requirements by simplifying the burden of securing its mobile workforce, requiring minimal resources for such a big job.
WHAT DOES THIS TECHNOLOGY DO?
Secure Pocket Drive is an encrypted USB flash drive with a self-contained, native Windows OS environment that allows it to be carried in a pocket and booted on almost any PC. Advanced hardware security ensures that the OS loaded onto the device at the factory is the same OS that will be launched each time SPD is booted. Using the componentized Windows Embedded Standard OS decreases the threat surface even further by eliminating system components not required to support desired functionality of the device. Microsoft Office and other productivity software can be installed, running directly from SPD, and user data can be stored to the device or to an outboard secure flash drive. SPD was recently verified as Citrix Ready® supporting Citrix application virtualization, networking and cloud computing solutions. SPD completed a rigorous verification process to ensure compatibility with Citrix XenApp™, providing confidence in joint-solution compatibility. SPD boots in seconds, allowing organizations to create and support completely separate personal and business environments in which users use their own PCs. By installing packaged or custom applications, organizations can allow users to perform standard desktop functions such as email, word processing, spreadsheets, database, network/internet browsing, and scheduling.
Secure Pocket Drive is the only licensed Windows environment for trusted mobile computing. Its hardware encrypts and secures the Windows operating system, applications, profiles, and data on the drive. It authenticates and validates SPD integrity using on-board hardware security at boot time. If it has been tampered with, SPD will not boot. In addition, it includes full Suite B On Board hardware security (ECDSA P-384, EC-DH, AES-256, SHA-384). The Remote Access Edition of SPD also prevents a rogue employee from leaking confidential information, because the host PC’s internal hard drive isn’t mounted, print drivers are not loaded, and data cannot be written to the device itself. SPD can be managed through enterprise domain group policy settings, just like any other PC.
Designed for maximum security with ease of use, users simply plug Secure Pocket Drive into untrusted home computers, kiosks, or public computers, and securely boot into a trusted Windows-based operating environment. Applications, user settings, and data files are all loaded directly from the encrypted SPD. It uses the keyboard, mouse, and a minimum of 1 GB RAM from the host computer. Access to the hard drive, network card, or both can be blocked by administrative policy. When the user is done, they simply disconnect the device and leave nothing behind.
1860 Hartog Drive
San Jose, CA 95131 USA