Categories
NEWS

A New Secure Data Erasure Solution for Businesses, Secudrive Drive Eraser

We launched Secudrive Drive Eraser, a new USB-type secure data erasure solution for businesses, into the market on July 21.

Secudrive Drive Eraser is an improvement and a replacement of existing Secudrive Sanitizer Portable. The new solution provides a more convenient user interface and user-friendly functions for various applications from small businesses to large enterprises or data destruction service companies.

Easy Operation. Secudrive Drive Eraser makes it possible to completely erase all data, including the operating system by running the .exe file in Windows login state. This feature enables even general users, not IT specialists, to completely wipe their computer themselves. After wiping the computers, businesses can freely dispose of, reuse, or resell them without having to worry about data leakage. Not many vendors provide this feature.

One for all. Secudrive Drive Eraser can also wipe computers piled up in storage without a network connection. It provides USB booting and CLI (Command Line Interface) mode to erase Windows, Linux, Mac in various situations. USB flash drives, external hard drives, and SSD (Solid State Drive) connected to the PC can be wiped as well. For wiping SSDs, it supports the ‘Secure Erasure’ function to protect the life of SSDs. We provide this feature as a default.

High-speed erasure operation. You can erase multiple PCs at the same time: You insert the USB flash drive into the target PC to run the erase program. After starting the program, you can unplug it from the PC and plug it into another PC to perform another erasing operation. Once you have set up your company’s standard erase operation for the first time, you will be able to do it without any additional setup. Also, if multiple drives are connected to one PC, they can be wiped in parallel to maximize the erase speed.

Convenient add-ons. Before erasing, it shows estimated operation time according to the selected drive and algorithm.  It provides a %-type S.M.A.R.T. index to check if the drive can be reused and a hexadecimal view to verify the operation.

Logs and Reports. Finally, once the erase operation is completed, the log is saved to USB and managed collectively. It is possible to trace the operation history according to each operator. Secudrive Drive Eraser also provides tamper-proof reports on computer information, drive information, and erase operation information. You can export reports as HTML, CSV, or pdf files to integrate with enterprise asset management systems and prepare for post-audits.

Categories
NEWS Press Release

SECUDRIVE to exhibit at GISEC 2019 in Partnership with Ras Infotech

One of the biggest cyber security vendors in South Korea, Secudrive is participating in GISEC 2019 from April 1 to 3 in Dubai, UAE. Secudrive once again will be teaming up with RAS Infotech, its biggest partner and cyber security marketplace in the MENA region. GISEC 2019 will be Secudrive’s first international appearance this year, kicking off its series of participation in global cyber security events. Secudrive is visiting Dubai for the sixth time—previous five have been to GITEX Technology Week. This is Secudrive’s first time participating in GISEC, an event that is more oriented to cyber security. Ras Infotech and Secudrive are looking forward to meeting many professionals and executives from diverse industries at GISEC 2019.

Secudrive and Ras Infotech will promote Secudrive’s mainstay solutions for File Server Security with DRM and USB Drive Security & Remote Management. These two solutions have been received positively by various customers in the MENA region. Visitors will be able to learn more about them with live demo and thorough explanations provided by experts from Secudrive and Ras Infotech,

Secudrive joins RAS Infotech at the stand A10, located at Hall 8 of Dubai World Trade Centre. All visitors are welcome to experience Secudrive solutions first hand with live demo by Secudrive experts. Moreover, Secudrive sales team will also be present to discuss more about customers’ needs and requirements, and how Ras Infotech and Secudrive can help to establish solid data security architecture throughout the data life cycle.

Categories
Blog Data Erasure Device Control File Server Security NEWS Press Release

3 Technological Security Measures to Prevent Data Leaks When Employees Depart

To help employees fulfill their professional initiatives, enterprises must provide a variety of physical and digital tools that enable the employees to take full advantage of enterprise data and resources. When the employees move on to different jobs, however, rolling back on all the capabilities that the enterprises once gave to their employees is another important duty. After all, departing employees can be either direct or indirect causes of data leaks, whether accidental or malicious.

To prevent departing employees from leaking confidential data, enterprises have been implementing several conventional measures like establishing policies, preparing legal documentation like a non-disclosure agreement, training/education sessions, and deactivating accounts used by ex-employees (PC, devices, cloud and more). Perhaps these can be considered to be enough to prevent leakage of confidential data; however, they are only focused on “discouraging” employees from leaking data when they depart. Instead, enterprises need to implement technological measures to actually “stop” data leaks from occurring.

1) Consolidate all files into a data repository equipped with data leakage controls and real-time monitoring

Preventing data leaks by departing employees begins with consolidation and isolation of confidential enterprise files in data repositories and away from individual employee PCs, which can become exit points from which confidential data can be wrongfully leaked, deleted, or edited.

However, this security measure is just the basic foundation of security architecture to prevent data leaks by departing employees. Therefore, by integrating data leakage controls to restrict copying, screen-capturing, printing, and network-transferring the files out of file servers, can enterprises form multi-layered and tighter protection of confidential data.

If the employees need to bring confidential data out to their local storage for certain tasks, enterprises must ensure that all relevant activities regarding the files and users are tracked with logs. Logs are important for both preventative and corrective action as a response to data leaks by departing or departed employees since enterprises can not only detect wrongdoing beforehand but also identify the wrongdoers even after they have quit.

2) Control and manage portable storage device usage on endpoint PCs

Employees now have more kinds of portable storage devices, like USB drives and smartphones, at their disposal for better and improved work performance. However, these devices must be used under the organization-wide enforcement of strict control and thorough management to ensure that those devices do not leave the office premises with confidential data inside.

Together with enterprise policies and culture that discourage the use of storage devices for purposes other than those work-related, a series of technological measures must be implemented to deter employees from doing so. Firstly, enterprises must block the ports (USB, IEEE 1394, and so on) on the PCs used by the employees. By doing so, not only existing but also soon-to-depart employees cannot use portable storage devices to take confidential data from enterprise premises, whether such action was done by mistake or with malice. However, blocking all ports may not be the best option, if the enterprises require permitting specific ports for specific tasks or employees. For this case, it is imperative to implement a management tool that oversees all ports and connected devices on all employee PCs, and that is capable of enforcing and lifting restrictions for specific circumstances.

3) Wiping used hard disks before disposing or recycling used PCs after employee departures

When employees depart, it is common for enterprises first to format the used PCs, and then re-assign or destroy (if outdated) them. Unfortunately, this practice may trigger unexpected data leaks, as the remnant files that contain or are relevant to enterprise confidential data can be recovered, even though the PCs have been formatted beforehand.

Therefore, to prevent data leaks by recovery, enterprises must wipe remnant data on old PCs by using data erasure solutions like degaussing, overwriting with randomized data, or even the physical destruction of PCs. These three solutions achieve the same goal of data erasure, but only one provides enterprises with an extra advantage: overwriting wipes remnant data completely and maintains the disks as usable, while the other two methods do not. Thus the disks overwritten with randomized data can be recycled to be assigned to new employees, and the enterprises will not have to worry about possible rediscovery and leakage of remnant data.

When employees depart, enterprises must think beyond handling more paperwork and recruitment, as their confidential data can, or even worse, could have been at risk of being leaked. The biggest issue with data leaks by departing employees is the increased difficulty of identifying who the wrongdoers are, and of taking a course of corrective actions. The three key measures mentioned above address the importance of data leakage prevention before and after departing employees, whether their involvement direct or indirect. Check our next blog to see how Secudrive solutions bring these measures into practice for enterprises, whether big or small, to ensure that confidential data do not leave along with the departing employees.

Categories
Blog Data Erasure Device Control File Server Security NEWS Press Release

4 Ways How Departing Employees Can Leak Confidential Data on Their Way Out

When employees leave, it is not just about more paperwork and recruitment efforts. In fact, enterprises must also make sure that confidential data does not leave with the departing employees. According to Osterman Research, 69% of organization surveyed indicated that departing employees pose a threat of data leakage.

It is important to know “why” departing employees might leak confidential data. Often, the reasons are classified into two characteristics: accidental and malicious. Accidental data leaks are closely related to employees’ negligence of what confidential data means for enterprises and of potential consequences for data leaks. Ponemon Institute study showed that over 50% of the reasons why departing employees took confidential data was the perception that “everyone else did it when they left.”Meanwhile, malicious data leaks are about personal interests. Lately, many enterprises are warned of malicious data leaks, as data has increased in its monetary value, and competition among corporations, which may lead to corporate espionage cases, has never been fiercer.

Then, what are the four potential threats and how do employees attempt to leak the confidential data on their way out?

1) Employees depart with confidential data in their hands, literally.
Whether accidental or malicious, departing employees have a variety of ways to take confidential data on their way out. One of the easiest ways is to secretly export confidential data to employees’ storage devices like USB drives, external hard drives, and even CD/DVDs.In 2017, a data leakage case that involved global semiconductor firm Micron, which suffered data leakage of monetary scale up to hundreds of millions of dollars, was caused by ex-employees who used USB drives to export and steal intellectual properties.

2) Departed employees access old enterprise accounts.
Google Suite, Microsoft OneDrive, Dropbox… Enterprises now rely on cloud-based storage networks for their daily operations, for their convenience and functionality. Therefore, when employees depart, it is crucial that all accounts with access to confidential data are completely deleted. If not done so, enterprises face another risk of data leakage. Personnel changes or big layoffs are already a big burden, but acknowledging the importance of deactivating enterprise accounts must never be ignored.

3) Departed employees instruct current insiders to take confidential data for them.
Even if the relationship between departed employees and the enterprises has been severed for good, those employees can still find a way to get confidential data in their hands. By asking the current employees privately, departed employees can indirectly obtain confidential data, delivered online or offline. Because this case involves multiple individuals in and out of enterprises, a systematic approach that combines both organizational measures and technological solutions are required.

4) Remnant confidential data can be recovered from the PCs previously used by departing employees.
After the employees depart, it is a common practice to reassign enterprise PCs to new employees or dispose of them for good. Before doing so, enterprises initially format the hard disks to make sure that none of the remnant data are recoverable. However, this is insufficient to completely stop data leaks because disk formatting merely removes the path to remnant data, not the data itself. Therefore, proper data erasure, not conventional file deletion commands, must be the priority in preventing potential data leaks through data recovery.

For enterprises, departing employees must mean more than extra paperwork and recruitment efforts, because they can unexpectedly become a source of data leakage, which can be catastrophic to enterprises. It is a tough challenge; however, knowing the four potential methods of data leaks by departing employees, as mentioned above, is a solid starting point to ensure that none of the confidential data leave the enterprise premises.

Categories
Blog NEWS Press Release USB Copy Protection

Secudrive USB Copy Protection 3.1, an advanced USB copy protection solution for enterprises, released.

SAN JOSE, Calif., Apr. 4, 2017 – Brainzsquare announced its release of Secudrive USB Copy Protection 3.1, an advanced USB copy protection solution for enterprises.

Secudrive USB Copy Protection 3.1 focuses on securely distributing and sharing sensitive data relating to marketing, product development, and finance via a USB flash drive while preventing unauthorized copying.

Secudrive USB Copy Protection 3.1 is compatible with content that runs on MS Office, CAD, and custom applications, as well as multimedia and PDF-type documents supported by existing USB copy protection solutions. All functions of the applications are available while preventing unauthorized copying, printing, screen capturing, and network transferring. For example, a user can rotate a 3-dimensional drawing in AutoCAD, move to another sheet, and refer to a function cell in MS Excel, view an animation in MS Presentation, or read hidden comments in MS Word.

Secudrive USB Copy Protection 3.1 also works with complicated content consisting of multiple files. For example, an execution file refers to a database and requires multiple files to run. With Secudrive USB Copy Protection 3.1, the files can be distributed as a set while copy protection features are maintained.

Moreover, content can be updated after distribution. When a user plugs a USB flash drive into a PC, a built-in program automatically checks if anything needs to be added or changed and then updates content accordingly. The remote update feature can significantly reduce enterprises’ shipping costs for re-delivery of physical devices with new content.

Finally, the manager software can be installed on multiple PCs to enable mass production for situations where customers distribute content to thousands of branches or partners. Each PC with the manager software and the USB hubs can simultaneously produce up to 22 distributed USB flash drives without any USB duplicator.

“Customers can distribute the original files with Secudrive USB Copy Protection 3.1 while modifying the original file formats to PDF-types with existing solutions. When you distribute an MS Excel file or an AutoCAD 3-dimensional file, you can easily understand the distinction between the two if you compare what you use the original with what you only view PDF-style still image file. Secudrive USB Copy Protection 3.1 could be the most effective and secure solution for enterprises to distribute and share complicated and sensitive data,” said Simon Kang, CEO of Brainzsquare.

Categories
Blog File Server Security Inside Story Insider threats NEWS

4 Reasons Why Google IRM is not Enough for Corporate File Sharing

Google has implemented a new security feature in order to allow file owners to control whether or not the users for shared files can copy, print, or export them on Google Drive. I wanted to explore the usability of Google’s IRM feature within a corporate environment to see if it could help to prevent data leaks caused by insider threats from employees, as well as data leakage threats from partners, and third-parties. If the feature is sound, it could be a convenient method of safely sharing data since Google is linked up with many useful applications.

Unfortunately, upon further investigation and usage of Google’s IRM, I found that it was a good feature in some aspects but not quite good enough to be suitable for corporate use.

Here are my four reasons why I believe it is not well suited for corporate file sharing.

Rights Management Concerns
There were two key issues with management of the Google IRM feature. The first is that the IRM features are set file by file making it a big headache for any security administrator. Imagine managing just 20 users and each of them made just 1 file per day. This is around 600 files per month that they would have to try and manage. Now imagine that on an enterprise scale. That would be thousands of file daily.

IRM is also set by the file owner instead of the security administrator. It basically leaves each employee in charge of the security of each individual file leaving you highly vulnerable to employee-related data leaks.

Collaborative Editing or IRM
Personally, I find that the collaborative editing is one of Google Apps’ best features so you can imagine my disappointment when I found that the IRM doesn’t extend to editors.

Google’s IRM is only applicable for users with read or commenter access rights (Previous Post: Top 3 Things to Know about Google’s Information Rights Management (IRM)) meaning I ultimately have to choose to have IRM security without the ability to edit or have the convenience of collaborative editing without IRM security. Why can’t I have both?

Google Apps Only
The Google IRM is mostly centered on protecting Google App files and for all other files in Google Drive, the functionalities are limited. For non-Google App files, the IRM only removes the options for copying, exporting, and printing but content can still be copied using clipboard copying. So, Google IRM is not a viable option for confidential data. Also, since many of my organization’s files are from Microsoft Office as well as other standard applications such as those from Adobe Creative Suite, a large majority of my files will not fall under the full protection of Google’s IRM.

Lack of Compatible Protected Applications

As previously mentioned, Google IRM is focused mainly on Google App files, so it leaves the large majority of my other files to fend for themselves. The only files that I could protect are Microsoft Office files but they would have to be converted into Google App files in order for me to get the full protection.

I personally share a lot of Adobe Illustrator, Photoshop, and Premiere files for marketing content on the website. These files do not have a Google-App counterpart and cannot be used within Google’s browser-based platform. So essentially, the feature provides very little usability and security for myself and my team.

For other organizations, I can see this being an even larger barrier. For example, R&D for a manufacturing company could need protection for their AUTOCAD files, website developers could need protection for their HTML files, or a gaming software design company would need protection for their source codes.

Google IRM’s Role and an Alternative Solution
Google IRM could be a good start to trying to protect you from data leaks caused by your own employees and colleagues. As it is now, it doesn’t seem good enough to be used in a dynamic enterprise-level environment. But if you want to create a more secure environment that is convenient and better suited for the enterprise, we have a solution that would be able to allow for secure file sharing within file servers and the cloud by using advanced rights management technology. [Next Post: 3 Ways SECUDRIVE is a Better Alternative to Google IRM in an Enterprise Environment]

Categories
Blog File Server Security Inside Story Insider threats NEWS

Top 3 Things to Know about Google’s Information Rights Management (IRM)

Google Apps for Work released a security feature last July which enables the owner of a document to disable the download, print, and copy functions for Google App files using Information Rights Management (IRM).

I was excited to see that Google was looking more into rights management solutions as it is not a common feature in most cloud service solutions. As I mentioned in one of my previous posts (Link: 5 Security Concerns when using Google at Work), I use Google Apps for work regularly so I was eager to test out the IRM functionality and implement it within my own work environment as it looked like it could solve some of my security concerns.

Blocking Copying Functions for Google Apps
Upon testing the feature, I found that I was able to block copy & paste, clipboard copy, export, downloading, and printing functions for Google App files, specifically for viewers and commenters. This feature is most useful in situations where I want to receive feedback on a Google Document but I do not want the shared users to copy or save the data to their own machines. [Link: http://googleappsupdates.blogspot.com/2015/07/disable-downloading-printing-and.html]

Though I should mention that you cannot control each of these blocks individually, it wasn’t too big of a problem since when I want to block copying, I typically want to block printing and exporting as well.

IRM in Google Drive
The IRM feature also expands to non-Google Apps files stored in Google Drive and disables the menu items for export, copying, and printing. But I noticed that the features aren’t as in-depth for Google Drive files in comparison to Google App-files since content can still be copied using the copying keyboard shortcuts.

I have some concerns with the fact that files can be opened and then screen captured for Google Apps and Non-Apps files alike. The protection for Google Drive files only applies when the files are viewed within the browser as well.

Feature Does Not Cover Editors
The IRM only applies to users that have a viewer or commenter access. So the feature cannot prevent editors from copying information. I had hoped that the IRM function would have covered all user types because there are instances where I do not want editors to be able to copy the information to their own systems but I still want the collaborative functionalities that make Google Apps so great. If Google expands the protection to editors as well, it could help to greatly improve the usability of the IRM feature. [Next post: 4 Reasons Why Google IRM is not Enough for Corporate File Sharing]

Overall, it is nice to see Google being proactive in regards to security by providing more options for users to protect their shared data. Though it’s a positive step in the right direction, the IRM feature does have room for improvement.

Categories
NEWS News Letter Notice Press Release

SECUDRIVE File Server 6.0 Supports Enterprise Environments including Cloud

SAN JOSE, Calif., Oct. 7, 2015 /PRNewswire/ — Brainzsquare, Inc. has launched SECUDRIVE File Server 6.0 (FS 6.0), the latest version of their data leakage prevention solution for shared files. In addition to its protection for SMB protocol through the local network, WebDAV protocol through the internet is now supported as well. It means that FS 6.0 has now become available with public cloud services such as MS Azure or Amazon EC2 without the need of a VPN. Furthermore, FS 6.0 is compatible with DFS and Windows Server Failover Cluster environments in order to support enterprise system architectures.

For situations when files need to be transported out of the server, FS 6.0 provides an encrypted export feature where the file can only be decrypted on one of SECUDRIVE’s securely managed USB drives such as the copy-protected, SECUDRIVE USB Office+. FS 6.0 has also made sure to include data leakage protection features when sharing through a file or folder link allowing users to maintain their normal workflow with advanced security.

FS 6.0 proactively prevents unauthorized copying, printing, screen capture, and network transfers of critical files within the securely shared folders. In order to allow for easy implementation, preexisting users, groups, and shared folder information are detected automatically. Shared folders are transformed into ‘securely shared folders’ and user rights can be easily managed by user or by groups. All activity is recorded and the events can be filtered and sorted by file activity for auditing purposes.

“File servers are being used to store and share important information in many organizations. Unfortunately, though information security managers would like to increase security on their servers to regulate internal and external threats, many have hesitated due to security solutions impeding work efficiency. Luckily, SECUDRIVE File Server 6.0 will allow them to transparently and proactively protect against those threats while minimizing any inconveniences which are often coupled with higher tiers of security,” said Simon Kang, the CEO of Brainzsquare, Inc.

Categories
NEWS News Letter Notice Press Release

SECUDRIVE Sanitizer Enterprise Released

SAN JOSE, Calif., Jan. 12, 2015 -Brainzsquare has launched SECUDRIVE Sanitizer Enterprise, an integrated disk wiping management solution that has been catered for enterprise environments. SECUDRIVE Sanitizer Enterprise (SE) makes it possible to manage the wiping process of disks may be widely spread or in remote locations, making it an effective solution for disposing or reusing old computers and hard drives.

By using SE, users are able to initiate the wiping process for specific disks via download. The process has been streamlined and provides a one-click wiping system. Once users download the software to their computer, they launch the program, select the disk they would like to wipe and click start. The administrator can preset the wiping algorithm and wiping policy for user-activated wiping which will wipe all data including the OS. Meanwhile, the administrator can monitor the process once the wiping begins from the management console. Aside from user-activated wiping, the administrator can also forcibly wipe entire computers without having to grant users administrative rights through remote deployment. All logs and reports which include detailed PC and disk information can be gathered once the wiping process has finished.

SE utilizes various military grade algorithms such as Department of Defense (DoD 5220.22-M) and Gutmann algorithms which can overwrite the data up to thirty-five times. Various disk types such as ATA/IDE, SATA, SCSI, USB, and firewire can all be wiped as well. Unlike many similar wiping solutions, SE ditches the overly complicated interface by not requiring any additional BiOS or OS setup, having the ability to launch straight from Windows and allowing for simultaneous wiping of hundreds of disks.

“It is important to wipe disks immediately after they have been decommissioned. When old drives and computers are sent to storage or outsourced to a disk destruction services, they are at their most vulnerable state. We believe that our product makes it possible to wipe disks the instant they are no longer being used. The user or administrator can activate the wiping process with just one click before leaving the office and have a completely wiped drive the next morning, ready to be moved to storage or transported elsewhere. It is incredibly easy to use and the entire process is managed and monitored as well,” stated Simon Kang, CEO of Brainzsquare.

Categories
Blog NEWS Notice Press Release USB Sescurity

SECUDRIVE USB Management Server 3.0 (UMS) Released

SAN JOSE, Calif., Sept. 17, 2014 –Brainzsquare has released SECUDRIVE USB Management Server 3.0 (UMS), an integrated solution purpose-built for enterprise environments. The new technology leverages SECUDRIVE USB Basic+, a hardware encrypted USB, as well as USB Office+ and CAD+ for additional security protection.

UMS provides a variety of security features, including asset and password policy management, and IP protection to disable functions such as copy and paste, clipboard copying, screen capture, and printing. The solution also delivers inactive USB locking, remote destruction, real-time monitoring, USB logging, and real-time malware monitoring and protection. Ideal for enterprise use, UMS delivers Windows Active Directory (AD) integration and multiple security policies in separated network environments, including secure data transport for virtual desktop infrastructure (VDI) USBs, which can also be restricted for use with specific AD user accounts.

“UMS provides various options to remotely manage IP protected USBs as well as hardware encrypted USBs for  various enterprise network environments and their increasing security needs,” said, Simon Kang, CEO of Brainzsquare, Inc. “Employees can work with the secure USBs transparently while corporate IP is protected from both insider and outsider threats. This means customers will see a considerable improvement in the level of security with minimum loss of work efficiency.”

Security policies can be set for the intranet and extranet by installing UMS on different servers in separate network environments. For instance, USB Office+ can be calibrated on the intranet and IP protection features disabled to allow for a more efficient workflow. While online, strict IP protection features can be set by administrators to safeguard the security and privacy of enterprise users. If data is not required to be removed, SECUDRIVE IP protected USBs enable the safe transportation of data from VDI environments.

In addition, to help protect files stored on a flash drive from malware infection, SECUDRIVE USB Products feature Trend Micro’s antivirus program, Trend Micro USB Security (TMUSB). UMS also has the ability to update TMUSB’s pattern file locally for closed networks.

Trend Micro and Trend Micro USB Security are trademarks or registered trademarks of Trend Micro, Inc. Product specifications are subject to change without prior notice.