The Problem

The evolution of data storage has come a long way since the days of the floppy disk. The data has been stored on 3.5 inch (or 5.25 inch) floppy disks, burned onto CDs, placed on zip drives, stored in the cloud and on flash/thumb drives. Flash drives are used to provide data mobility and enhanced storage in a small package. The US military utilizes flash drives in Afghanistan to pull insurgent records from cellular phones captured in combat.

However, events in recent years have highlighted some problems with the use of flash drives in the workplace and the military.

While flash drives significantly increase the portability of data, there are some flaws that have been exploited by cyber miscreants. In December 2009, reports surfaced that the North Koreans may have accessed US-South Korean battle plans when a South Korean military officer plugged an unsecured USB drive into his home computer.

Corrupted flash drives have also been identified as the source of cyber security breaches on Department of Defense networks. A number of government agencies as well as some members of private industry have banned the use of flash drives. Companies like Booz Allen, CSC, Deloitte and SAIC have formulated policies surrounding the use of portable data storage units.

Early this year, several USB drive manufacturers have admitted to major security flaws within their products, even ones that are supposedly ‘secure.’ All this raises the question: how do I ensure I can access my data from other places but keep that data secure?

There are two options: cloud computing and a new option from Lockheed Martin.

Cloud computing is the model that is used by smart phones and many email providers. It stores data in a virtual ‘cloud’ which enables users to access data without having to be on a network running a particular server.

However, some questions have been raised regarding security in a cloud environment. Companies or agencies moving to a cloud model must either operate the cloud themselves or trust someone else to provide security.

The Solution

Another option, recently developed by Lockheed Martin, might hold the answer. Earlier this month, Lockheed Martin announced a new ‘IronClad’ brand of USB drive. This drive places an entire operating system, settings, software and files onto a flash drive that can hook into any computer. It is encrypted and everything runs off the USB drive so files on the drive do not interact with the computer hard drive. The new drive even offers a self destruct mechanism if it is lost or stolen and is available for under $200.

IronClad allows a user to safely operate on unsecured computers. By not interacting with a computer’s hard drive, the IronClad USB keeps information stored on it secure and away from platforms that may be corrupted.

As cyber espionage and cyber attacks continue to rise, companies and organizations will look to balance the interconnected and diffused operating environment with security. The IronClad USB from Lockheed Martin is a leading the way towards balancing these seemingly competing priorities.

While some of the data was password protected, the majority of the information was not. Officials at the medical center do not believe that any identity theft has occurred but have informed patients of the breach. The theft of the laptop occurred in August and the medical center began alerting patients whose data may have been compromised late last week. The incident highlights an important policy lesson for organizations. Laptops and flash drives are small and easy to steal. Employees must be held accountable for the devices and any data on those devices needs to be encrypted to mitigate damage when the device is stolen.