Categories
Blog USB Sescurity

Four Basic Requirements for USB Drive Security

USB flash drives are still popular portable storage devices because they are small and have relatively large storage capacities. Data on USB flash drives are not only readable but also editable, while data on CDs/DVDs are only readable. Users can edit the data on USB flash drives anywhere and in any situation.

You can place data on a USB flash drive to keep it physically separated from the rest of the data on a laptop and minimize the effects of a data breach if you lose the laptop. You can also use data on a USB flash drive by plugging it into a computer even when you’re offline; in contrast, you can access data on the cloud only through a network, meaning you can only use it when you’re online.

Although USB flash drives have significant advantages over other storage devices, many organizations now prohibit employees from using them by blocking the USB ports on their computers. These organizations make employees use and transfer data only through their networks, through which they monitor their data activities. The reason for this prohibition is that USB flash drives are vulnerable and lack security safeguards—unlike computers, which various information-security solutions protect to prevent data breaches.

However, many organizations still use USB flash drives. Some allow employees to use them freely to increase productivity, while others allow them in special cases despite prohibiting them generally. Companies that allow USB flash drives should use ones that are safeguarded by security solutions as secure as laptops are to prevent data breaches. If the data on a USB flash drive is as important as the data on a laptop is, it is easy to understand why it is imperative to protect the drive’s data. Below, we describe basic ways to protect data on a laptop. These basic methods can also promote USB security.

First, encryption software should be installed on a laptop in case it is lost or stolen. Second, antimalware software is required to prevent malware infections. Third, data-loss-prevention software protects against unauthorized data transfers outside the office. Finally, laptops should be managed collectively and remotely. The organization should require these four basic principles of laptop data security.

Encryption. Encryption guards against data breaches in the event the device is lost or stolen. Some encryption software can encrypt general USB flash drives. Some USB flash drives include preinstalled encryption software, and others include an encryption chip or keypad. Generally, USB flash drives with encryption chips are recommended for the enterprise level of security (read about Types of Encrypted USB Flash Drives).

Anti-malware. A USB flash drive also needs anti-malware software to prevent malware infections. When a USB flash drive is plugged into a computer that malware has already infected, the malware can easily infect it as well. The infected USB flash drive can then spread the malware to other computers in the organization.

Digital Right Management. You should prevent users from taking files from your USB flash drive without your permission. You cannot monitor an unauthorized data breach if a user uses the drive outside the network; therefore, you need to prohibit user rights to copy, print, screen-capture, and network-transfer files containing sensitive data before giving the drive away. That is the only way to protect against a data breach.

Remote Management. Finally, you should remotely monitor what users do with the files on USB flash drives they borrow from you. Before you give one to a user, you should set the password, usable period, usable IP bandwidth, and user rights. When a USB flash drive is lost or stolen, you can remotely destroy its data or block access to them. When using a USB flash drive offline, you should save its usage logs and transfer them through the network when you return to online use. You should also manage user rights and usage for offline users.

Secudrive prepares its USB solutions to meet the four basic requirements for USB security. It equips all its USB flash drives with AES-256 encryption chips, so only users who know the passwords can access them, and all their files can be transparently encrypted by the chip every time a file is storing on the drive. Secudive can preinstall the Trendmicro malware module for USB security to prevent malware infection by client request. The antimalware module can automatically update when a USB flash drive connects to the Internet. Secudrive USB Office and CAD make it possible to protect users from unauthorized copying, printing, screen-capturing, and network-transferring various Office and CAD files. Finally, Secudrive USB Management Server enables administrators to manage security policies—including user rights—and monitor file-activity logs remotely.

Categories
Blog USB Sescurity

How to Protect a File on a USB Flash Drive from Being Copied

We are usually nervous when we hand over sensitive files to an employee who recently started, one who may soon quit the job, or a partner whom we have been working with for only a month. If a sensitive file contains a new product design or a proposal for a big bid that our company spent considerable money and time to develop, that file is vital for company survival. We may also be anxious when we have even a trustworthy employee, whom we have worked with for a long time, carry the file outside of the office.

We usually use a USB flash drive to manually carry files due to the following reasons: 1) the data file size is too large to send via email, 2) the public cloud or a file transfer service is not as secure as our on-premises storage or service, and 3) a sender wants only the appointed person to handle the files. Thus, we send a trustworthy employee with a USB flash drive containing crucial files to someone to manually retrieve, and we pray that the files will not be breached; however, a USB flash drive is small and can easily be lost or stolen. Moreover, we cannot be assured that a USB flash drive is not intentionally or unintentionally given to an unauthorized person when carried out of the office.

When we ask how to protect a sensitive corporate file on a USB flash drive from being copied, many IT pros first recommend encryption. An encrypted USB flash drive can protect the content—if the USB flash drive is lost or stolen—from a person who doesn’t know the password. General USB flash drives can be encrypted using USB flash drive encryption software. There are encrypted USB flash drives with a physical keypad or embedded with an encryption chip.

But what if a person who knows the password copies a file from the USB flash drive and pastes it to some unauthorized storage or gives the USB flash drive with the password to an unauthorized person?

When we ask about it, some IT professionals say, “That’s not the job of IT. HR should have hired trustworthy employees. And if you are worried about it, you can get employees’ signatures on a non-disclosure agreement (NDA) when they are hired.” Employees who were trustworthy when they were hired can change. They may develop a grudge against their boss or company, or they could get in personal financial trouble and need money. Of course, NDAs can make employees hesitate before performing any wrongdoing; however, at the decisive moment many people “forget” that they signed an NDA when they were hired. Once the data is breached, NDAs cannot save a company, and a company may be awarded significant financial damages in court that an individual cannot indemnify. Worst case scenario: a company can go out of business because of a breach in security.

Finally, someone says, “You cannot protect any file on a USB flash drive from being copied if somebody can see the file, because he or she can write down the content on paper, take photos, or record a video.” This means technology cannot protect you from a data breach. And, what about the security solutions that we are using? Those “analog attacks” are the slowest, most difficult, and most incorrect ways to breach data.

Locking a door cannot completely prohibit all thieves from opening the door without a key, but it can take more time for thieves to open or destroy the lock. The time could result in thieves being caught, hesitating to break in, or giving up before they attempt to break-in. That is the purpose of locks. Similar to how we don’t open a door because there is not a perfect lock for every thief, we should not give up on technological security safeguards for a data breach because we cannot protect from analog attacks.

Meanwhile, if the sensitive information can be copied by analog attacks, the information should be kept in the founder’s brain. Then that would not be a job of IT.

However, Secudrive USB solutions provide a clear, easy way to protect sensitive files on a USB flash drive from being copied. Secudrive USB Office and CAD edition are secure USB flash drives equipped with encryption chips. These chips make it possible for users to securely read and write Office and CAD files on the secure USB flash drive while protecting the files from being copied, printed, screen-captured, and/or network-transferred. They also record all user activity. Secudrive USB Management Server enables an administrator to manage the USB flash drives and user rights and to monitor file activity logs through the Internet.

Categories
Blog File Server Security USB Copy Protection USB Sescurity

How to Prevent A Data Breach Risk by Contractors

Many security managers are worried about the possibility of a data breach by contractors when sensitive information is shared. As discussed in the previous blog, it is not easy to prevent data breaches by contractors, even though the breaches can cause crucial damage to a business. This blog describes a couple of typical examples where contractors could cause a data breach and suggests ways to prevent a data breach by using Secudrive solutions.

First, let’s imagine this situation: a company extracts customer information from their database and hands it over to contractors as a Microsoft Excel file. The contractors conduct a cold-call marketing campaign with the information, fill out the result of the calls in the files, and return the files to the company. Thousands of customers’ information is stored on every contractor’s PC, but the contractors’ PCs are separated from the company, so the company cannot control and monitor them. A contractor could accidentally send the Excel file as an attachment in an e-mail to the wrong person or deliver it into the wrong hands with malicious intent. In addition, if the company gave the contractors its marketing plan for the campaign, which the company has spent considerable money and time to create, the plan might be copied and delivered to a competitor too.

Second, imagine an industrial machinery company that hires hundreds or thousands of technicians as contractors to conduct a maintenance service for their customers, who are scattered all over the United States. The company should provide manuals related to all their products as well as a price list for all of the parts. The information might contain very important intellectual property and be very sensitive for the competition in the market so that it should not be handed over to the public or a competitor. Therefore, the company cannot help but worry about how the technicians handle the sensitive information in diverse environments. What if a technician loses his or her unencrypted laptop storing the sensitive data? What if the technician copies the files and places them into the wrong hands? What if the technician keeps files even after leaving this job, and hands them over to a competitor? The possibilities are endless.

Secudrive USB solutions could ensure data security in the above two cases.

First, Secudrive USB Office+ is suitable for use in telemarketing. Excel files can be placed onto a Secudrive USB Office+, a copy-protected USB flash drive that enables an administrator to restrict users’ rights for copy, print, screen capture, and network transfer. If all the users’ rights are restricted, users can simply open and edit the files on the USB flash drives. After the telemarketing campaign, contractors fill out the results and return the files to the administrator. If Secudrive USB Management Server is used together with Secudrive USB Office+, you can monitor all users’ activities with the USB flash drives. Even if a user loses a USB flash drive, the data would be secure because it is encrypted by an encryption chip. You can also destroy the data or lock the USB remotely when necessary for information security.

If you want to check the results of a campaign in real time, you can use Secudrive File Server instead. The customers’ information is stored in a file server that is separate from the company’s database, and Secudrive File Server is installed on the file server. Secudrive File Server makes it possible for an administrator to restrict users’ rights for copy, print, screen capture, and network transfer when users use files in a shared folder. Users only open the Excel files and fill out the results of the calls in the shared folder, and the administrator can check on this process in real time.

If users do not need to edit files after distribution, as in the second case, Secudrive USB Copy Protection is an excellent choice. You can restrict users’ rights for copy, print, screen capture, and network transfer when you distribute files with USB flash drives. If you need to update product information or a price list, you can upload the update files onto an update server, and then these files can be automatically updated when the distributed USB flash drives are connected to the Internet. Secudrive USB Copy Protection can utilize general USB flash drives that have serial numbers, making it more cost-effective, but this option is less secure because it is encrypted only by a software algorithm instead of an encryption chip. However, you can also destroy the data or lock the USB flash drives remotely.

In both cases, you can update files on the USB flash drives remotely through the Internet after distribution, without the need to deliver a physical CD/DVD every time you update files after distribution. Therefore, distributing the USB flash drives using Secudrive Solutions is much more efficient and cost-effective than distributing CD/DVDs using existing solutions.

Secudrive solutions are also very effective in preventing data breaches by contractors who work with sensitive corporate information but cannot be easily controlled under a regular corporate security regulation and system. With Secudrive, you do not need to open a corporate server system that is full of sensitive information. If you select the information that you have to open and deliver it to contractors using Secudrive, you do not need to worry about data breaches caused by contractor mistakes or malicious actions.

Categories
Blog USB Copy Protection USB Sescurity

Data Breach Risk Caused by Contractors

Many companies hire contractors when they consider a job to be of secondary importance to their business and need short-term labor or high-quality professionals for a specific job. A contractor, for the purposes of this blog, can be a freelancer, consultant, third party, or business partner who is hired from outside of a company. Hiring a contractor is a big deal in terms of information security, even though it is common knowledge that it is a good way for companies to maximize organizational flexibility and cut costs.

In recent news, Target agreed to pay USD 18.5M to settle claims by 47 states and the District of Columbia and to resolve a multistate investigation into a massive data breach in late 2013. Target said the total cost of the data breach was USD 202M as of May 2017, and it had not yet been finalized. The breach began at the PC of an employee of a third party who was responsible for maintenance of Target’s HVAC. A hacker accessed the PC and installed malware—the PC did not have anti-malware software. The hacker spied on the connection between the PC and Target’s system, finally gaining access to Target. The hacker stole the credit and debit card information of as many as 40M shoppers.

In another breach, the episodes of “Orange is the New Black,” a popular television show on Netflix, were released to the public by a hacker before Netflix’s official release this spring. Larson Studios, a third party for Netflix, had the files to conduct audio postproduction. A hacker attacked the third party, which was not fully equipped with a security system, to gain access to the files. The hacker then asked Netflix and Larson Studios to pay a certain amount of money within a certain timeframe or else the hacker would release the files to the public. Netflix and Larson Studios rejected the proposal, so the hacker released the files. In conclusion, many episodes of the new season in which hundreds of millions of dollars had been invested, was released before commercialization, resulting in tremendous consequences for Netflix. Many security professionals have pointed out that third parties in Hollywood have very vulnerable information security systems and this kind of data breach will continue to be in the future.

Finally, Edward Snowden’s Case should not be overlooked in examining this issue. Snowden, an employee of a third-party contractor with The National Security Agency(NSA), gained an access right to servers during his job. He put about 1.7 M top secret documents onto an unauthorized USB flash drive, carried it out of his workplace, and released the sensitive files to the public. Even though Snowden was determined a whistle-blower for the public interest, it was a damaging data breach by an NSA contractor.

The reasons for the above three data breaches are different, so the countermeasures against them should be different as well. However, it is apparently more difficult for an organization to prevent a data breach involving a contractor than a regular employee for the following basic reasons: 1) contractors might have less loyalty to the organization than employees do; 2) contractors cannot obtain regular information security education as easily as employees can; 3) contractors’ information systems cannot be easily treated as parts under organizational information security systems and cannot be managed and monitored as strictly as an in-house system; 4) contractors are sometimes temporarily allowed to gain access to the in-house system, and they often keep their access even when the work is completed.

Nonetheless, it is important to note that unstructured data, such as business files and drawing files that are used by contractors, have not been managed securely enough, whereas organizations usually manage access/rights very strictly when a contractor is granted access to structured data, such as a database storing millions of customers’ information. The sensitive files of the organization can be sent or copied to contractors’ laptops and servers without any restriction, and the organization often has no idea how secure files are managed by contractors. Thus, there are huge blind spots in information security that can cause a great disaster.

Our next blog will demonstrate how to prevent a data breach by utilizing Secudrive solutions, especially when an organization cooperates with contractors. Secudrive solutions can allow workplaces to cooperate by making it possible to safely store, deliver, and manage sensitive unstructured files in separate devices from the in-house system.

Categories
Blog USB Copy Protection USB Sescurity

How to Remotely Manage USB Flash Drives

If you store your files on a USB flash drive, you can update them and share them with others using any computer, anywhere. This is why many organizations decline to take the USB ports off their employees’ computers, even though USB flash drives are responsible for many data breaches. As long as an organization continues to allow employees to use USBs, however, these flash drives should be vigorously managed in terms of information security.

Think about an unintended data breach caused, for example, by a lost USB flash drive storing electronic personal health information. Perhaps encrypting USB flash drives can be enough to prevent unauthorized access to the data on them. Consider the Snowden Case, in which an insider maliciously moved an organization’s sensitive data to a USB flash drive in order to hand it over to an improper person. To avoid such cases, you must adopt copy-protected USB flash drives that allow an administrator to manage users’ rights for copy, network transfer, print, and screen capture.

Secudrive USB Management Server makes it possible for an organization to remotely manage scattered USB flash drives to prevent data leakage, either as a result of employees’ malicious intentions or by mistake. Its major features are as follows:

  • Asset management: USB flash drives can be registered. All information on flash drives, such as the USB type, user, group, security policy, and serial number, can be viewed.
  • Password management: It is possible to set rules for passwords, including minimum length, a minimum number of digits and upper-case letters, and maximum failed trials. Flash drives can be locked, and data in them can be destroyed when the maximum number of trials is exceeded.
  • Usage management: A USB flash drive can be used only with pre-authorized computers. It is possible to manage usage expiration date, a maximum number of logins, a maximum idle time before log out, usage policy when offline, and other settings.
  • Digital rights management(DRM): It is possible to manage users’ rights to copy, print, screen capture, and network transfer. Compatible applications and accessible networks (IP, port, and URL) can be whitelisted. It is possible to prevent the creation of autorun.inf.
  • File management: Maximum file activity log size can be set. Files imported from and exported to other devices can be encrypted and backed up. Files with particular extensions can be blocked or allowed. Files can be distributed to USB flash drives remotely.
  • Log management: It is possible to monitor detailed usage logs such as IP access, access time, and file activities (create, view, modify, save, copy, print, network transfer, screen capture, and delete).

Secudrive USB Management Server is compatible with Secudrive USB Basic+, Secudrive USB Office+, and Secudrive USB CAD+. Secudrive USB Basic+ is a hardware-encrypted USB flash drive with an encryption chip that does not support DRM-related features. Secudrive USB Office+ and Secudrive USB CAD+ are also hardware-encrypted USB flash drives to which DRM features have been added. Secudrive USB Office+ prevents data leakage from business files such as Microsoft Office files, whereas Secudrive USB CAD+ does the same for CAD files such as those from AutoCAD and CATIA.

Organizations have their reasons for using USB flash drives. Secudrive USB Management Server makes it possible to remotely manage them to prevent data breaches of every kind.

Categories
Blog File Server Security USB Sescurity

How to Protect CAD Files from Being Copied

Design drawings are manufacturers’ key intellectual properties. If a design drawing for a new product or core product technology were to be leaked to a competitor, it could severely damage the business; therefore, many high-tech manufacturers make an effort to keep their design drawing files secure.

However, manufacturers often design in tandem with business partners or big manufacturers like Apple, Samsung, or Dell, which usually design their own products and distribute the drawings to parts manufacturers. It is more difficult to keep drawing files secure in these cooperative environments. Big manufacturers pay serious attention to how securely their parts manufacturers manage drawing files, typically creating certain information security regulations for the small manufacturers and sometimes requiring them to retain it as a condition of cooperation. Secure drawing file management is an essential condition for manufacturers to grow as well as to survive.

Secudrive provides drawing file security for small- and medium-sized manufacturers.

Secudrive File Server CAD edition makes Windows file servers secure cooperative workspaces where in-house and remote coworkers can collaborate by sharing CAD files. Users can edit CAD files in a shared folder if they have permission to access it, while users’ rights for copy, print, screen capture, and network transfer of the files are prohibited. File activity logs, such as creator identity, opens, modifications, copies, prints, screen-captures, network transfers, and deletions can be monitored in real-time. A file can be prohibited from being saved in a different folder on the PC, a USB flash drive, an external hard drive, or the cloud. Copying a certain part of a drawing to a different folder by using the ”copy to clipboard” function can be also prohibited using the program. If there are many remote coworkers sharing CAD files, a file server can be located in the cloud using platforms such as AWS or Azure.

Secudrive USB CAD edition, which is compatible with Secudrive File Server CAD edition, is useful in situations where a user has to work with a CAD file outside of the office, such as a business trip where network connections are not available. With administrator approval, an encrypted copy of a CAD file can be saved in Secudrive USB CAD edition where the file cannot be copied, printed, screen captured, or network transferred from a USB flash drive because the administrator preset user rights in advance. All file activity logs can be monitored in real-time through the network or saved on a USB flash drive, allowing an administrator to see when the flash drive has returned to the office if not network connected. Before a file goes out from the file server to a USB flash drive, a copy of the file can be saved in the file server for ex post facto audit.

Secudrive USB CAD edition makes it possible to use all features of CAD programs with CAD files, meaning a user can rotate, view, and edit three-dimensional drawing files to come together with coworkers while the files are copy protected from the USB flash drive. It is different from existing general USB copy protection solutions, which convert three-dimensional drawing files to PDF-style, two-dimensional files. If you compare your view of a complicated original three-dimensional CATIA file with what you see in a converted two-dimensional image file, you can easily imagine how efficiently you can work with Secudrive USB CAD edition.

Most product design management solutions and product life cycle management solutions that focus on access rights management, file versioning management, and approval management are not enough to keep design drawing files secure. For design drawing files, there is a special focus on insider threats (e.g., a malicious employee attempting to hand files over to a competitor). Adopting multilayer security solutions like a big company, however, is not an easy job, especially for small- and medium-sized manufacturers. Secudrive File Server and USB CAD editions can be a necessary, simple, and easy security tool to prevent leakage of CAD files and to cooperate with business partners safely.

Secudrive supports the following CAD programs, with the compatibility list continuously growing: AutoCAD 2004-2016, 3DS Max, Maya, CAM350, DraftSight, DWG TrueView 2008, DWGEditor, eDrawings, OrCAD, P-CAD, Solid Edge ST, PTC Creo Parametric 2.0, CATIA, Solidworks, Unigraphics NX, AutoCAD MAP 3D, ArcView GIS, EPANET, and more.

Categories
Blog File Server Security USB Sescurity

File Activity Monitoring in a File Server

In many businesses, a great deal of confidential information is stored in a file server or a Network Attached Storage(NAS) and shared by employees, contractors, consultants, and business associates. Although we easily share files in shared folders to work together, the management may often worry that a confidential file can be modified, deleted, or even copied by an unauthorized person because of somebody’s mistake or malicious actions.

We usually control users’ access rights first to prevent unauthorized access to a shared folder and then give read-only or read/write permission to users who have access rights to the folder. But users are sometimes given access rights and permissions in exceptional cases, and often, these are not taken back. If this happens repeatedly, things can get messed up. Ultimately, access control and permission management efforts are often given up.

Finally, we look for file activity log features. We try to monitor who creates, modifies, copies, and deletes files and when, because we believe we can detect unauthorized or suspicious activity when a user tries to do so. And users who recognize that their file activity is always monitored can also proactively protect themselves from unauthorized and suspicious actions. File activity log monitoring is more useful in small- and medium-sized businesses where there is no dedicated administrator for a file server.

Of course, there is a log management feature that is provided as a default option by Windows file servers. However, if you set up some options to generate file activity logs, you will find tons of logs, struggle to sort what you really want out of them, and finally end up in big trouble with storage capacity management for the huge logs. This is why some expensive third-party log management solutions for Windows file servers are successful in the market.

Secudrive File Server shows at a glance file activity logs on users who create, read, modify, copy, and delete a file. Customers say that Secudrive File Server’s file activity log feature is useful enough to monitor users’ file activity in a file server without opting for any expensive log management solutions.

Secudrive File Server is basically a data leakage prevention solution for Windows file servers. Secudrive File Server makes it possible to manage users’ rights for copying, printing, screen capture, and network transfers of files from shared folders, while keeping existing shared folders and users’ access rights and permissions in existing Windows file servers. If we block users’ rights to copy, print, screen capture, and network transfer in shared folders and keep all confidential files in the shared folders through their life cycles from creation to deletion, we can completely prevent data breach from the folders.

Secudrive File Server can be utilized differently according to customers’ situations: 1) if users’ rights do not need to be changed often, their rights to copy, print, screen capture, and network transfer are all blocked, and all file activity logs are monitored. This is the most secure option. 2) If users’ rights need to be changed often and there is no dedicated system administrator, we can utilize the file activity monitoring feature for audit as a minimum safeguard to prevent data leakage from a file server instead of blocking all of the users’ rights.

When a user transfers a file from a file server to outside, the Secudrive File Server can back up the file in a certain storage area for audit, encrypt the transferring file, and let it be decrypted only in a copy-protected device such as another file server that has installed Secudrive File Server or a Secudrive USB flash drive.

Categories
Blog Insider threats USB Copy Protection USB Sescurity

Is Your ‘Secure’ USB Flash Drive Secure Enough to Prevent Insider Threats?

Concern about insider threats has been increasing in organizations. Because insiders usually know which information is sensitive for the organization, where the information is, and how to gain access to it, data breaches by insiders such as employees, former employees, contractors, and business associates are more critical than those by outsiders.

A data breach can occur when an insider loses a laptop or sends an email attachment with sensitive documents to the wrong person by mistake. However, an organization can be severely damaged when a malicious insider intentionally targets sensitive information for reasons such as espionage or selling. Insiders can gain access to and deliver information with relative ease.

In 2009, the FBI announced that former Boeing engineer Greg Chung delivered secure documents valued at $2B relating to aerospace technology to the Chinese aerospace industry as a contribution to his homeland over the 30 years he worked for Boeing. This case shows that data breaches by insiders cannot be detected for a long time. Data breaches by insiders, about which we sometimes see news reports, might be only a small part of undetected insider threats.

Some suggest that non-disclosure agreements can keep employees away from wrong-doing or trusting employees is better than adopting security solutions that decrease work efficiency. However, once data breaches occur, they cannot be easily recovered by lawsuits. Thus, prevention is best.

Many solutions have been introduced to prevent insider threats. Data Loss Prevention (DLP) solutions analyze data packets to check if sensitive information is transferred through the network and detect sensitive information containing specific keywords saved in PCs. Enterprise Data Right Management (E-DRM) solutions encrypt transferring files and manage users’ rights to copy, print, and screen-capture files. Finally, insider threat prevention solutions analyze abnormal behaviors of insiders with data and monitor the possibility of threats.

Meanwhile, USB flash drives are still allowed for unavoidable reasons in many organizations. Security-sensitive organizations have introduced so-called ‘secure’ USB flash drives. These enable a user to gain access to encrypted data on the USB flash drive only with the proper password, and they can protect data breaches even when the USB flash drive is lost or stolen. The U.S. governmental organizations are required to adopt hardware-encrypted, secure USB flash drives that comply with Federal Information Processing Standard (FIPS).

However, how can we handle a malicious insider with a USB flash drive? What if a malicious insider puts sensitive information onto an encrypted ‘secure’ USB flash drives., carries it out of office, decrypts the data, and sells it to competitors?

When it comes to malicious insiders, a copy-protected USB flash drive should be used instead of a general, secure USB flash drive by organizations. A copy-protected USB flash drive makes it possible for a user to gain an access to the encrypted data only with the proper password just like an encrypted USB flash drive. Furthermore, an administrator is able to restrict a user’s right to copy, print, screen-capture, and network-transfer files on the USB flash drive. Also, what a user does with files on the USB flash drive is monitored through the internet. There are two types of copy-protected USB flash drives for the purpose of 1) business, for office files and CAD files, and 2) content distribution, for multimedia files. The first can be used mainly for preventing insider threats.

Think about it!

For example, if you adopt an encrypted USB flash drive in your hospital and a staff member deliver one of the encrypted, ‘secure’ USB flash drives containing Personal Health Information (PHI) along with the password to an unauthorized person, can you be assured that the ‘secure’ USB flash drive prevented a Health Insurance Portability and Accountability Act (HIPAA) breach?

Categories
Blog USB Copy Protection USB Sescurity

Three advantages of USB copy protection

There are three ways to distribute content that has copyright or intellectual property: CD/DVD distribution, USB flash drive distribution, and downloading or streaming through the network.

CD/DVD has been the most popular content distribution media so far because it is relatively cheaper than any other media and good for mass production. CD/DVD has relatively smaller capacity than other media, so it cannot be used for larger multimedia files. CD/DVD should be used for read-only or play-only content since customers cannot to write onto a CD/DVD after distribution. Since laptops no longer have built-in CD/DVD drives, the CD/DVD is disappearing. That is another reason that other means are being substituted for CD/DVD

Downloading or streaming through a network is currently the best means for content distribution. We download a game, music, and movie file from the online marketplaces of Google, Apple, Amazon, Netflix, etc. As long as customers pay for the content, they are generally able to use it anywhere with any device such as a smartphone, tablet, and PC. Downloading or streaming is cost-effective because it doesn’t need a physical medium for content distribution. However, there are certain disadvantages since the content can be shared with those who know the buyer’s account. Downloading and streaming is mostly used for the distribution of multimedia content, games, and software. Large files are not a problem as long as the network bandwidth can accommodate them. Adding and changing content after distribution is also easily done through the network; however, content might not be reachable when offline.

A USB flash drive is also used for content distribution and recognized as the best medium for large files. A USB flash drive enables a two-factor authentication: an authorized user has to have a USB flash drive as physical evidence, as well as a login/password to view content stored on the drive. Thus, a user is prevented from sharing content with an unauthorized person by sharing login information only. Existing USB copy-protection solutions have utilized only the two advantages: the high capacity and the two-factor authentication.

However, a USB flash drive as a medium has another big advantage: we can write on it. If we think about it, a USB flash drive is an ideal way for read/write content. A user can manipulate or edit the distributed content. In other words, we can utilize a USB flash drive just like a hard disk drive in which all functions of the applications supporting the original content are available as long as copy protection works during utilization. For example, we can rotate and check a 3-dimensional object in a CAD program, jump to the other sheet or refer to a function in a cell in a MS Excel file, view animations in a MS Presentation file, or refer to hidden comments in a MS Word file. A USB flash drive is also okay for complicated content with multiple files, such as the content that contains an execution file and multiple files, including a database to which the execution file refers. You do not need to think about changing the format or style from the original content before distribution. Finally, when content needs to be added or changed, the content can be downloaded and updated onto a USB flash drive through the network.

Only Secudrive USB Copy Protection maximizes read/write features of USB flash drives as a medium for content distribution in this industry. If you need to distribute large, confidential marketing or technical material to your branches and partners, Secudrive USB Copy Protection is the best in terms of production, delivery, cost, and security.

Categories
Blog USB Copy Protection USB Sescurity

Security Levels of USB Copy Protection Solutions and Their Use

USB copy protection solutions prevent users from unauthorized distribution of content stored on a USB flash drive. However, it is not hard to find unauthorized distributed multimedia files via the internet, despite having been originally made using CD/DVD copy protection solutions. Clearly, some copy protection solutions cannot fully protect content against sophisticated digital piracy, and the solutions have different security levels according to the difficulty of creating the unauthorized copy. Therefore, the copy protection solution should be carefully chosen according to the nature of distributed content and how much damage the unauthorized copy can give to a business. In other words, you do not need to use expensive copy protection solutions for protecting content that is not as valuable to a malicious user, while you must use expensive solutions for protecting valuable corporate information.

Using a custom file explorer is one of the simplest ways to accomplish copy protection. Distributed files are located in a virtual drive, and a user can access and view the files only through the custom file explorer. To prohibit unauthorized copying, the menu for copy and print can be disabled in the explorer. These kinds of solutions are relatively cheap and consist of simple features. There is not the concept of ‘master content’, which is necessary for mass distribution. A user should put the content onto a USB flash drive one-by-one to make distributed USB flash drives. You should verify the security level of these kinds of solutions in the following three ways:

First, after plugging the USB flash drive containing content into a PC, open a command window with the administrator’s privilege and see if you can view the name and location of the file. If the file is hidden in a virtual drive, it can be easily copied by the ‘copy’ command in the command window. If the file or the header of it is encrypted, you can easily copy it, too, but the copied file is useless without the custom file explorer.

However, even in the above case, these kinds of solutions have a crucial disadvantage in which the content can be easily copied by a USB duplicator using sector-by-sector cloning. Therefore, you have to choose the solution that requires USB flash drives with serial numbers, which prevents sector-by-sector cloning by allowing only one unique distributed content for only one unique USB flash drive according to its serial number. Then, even if the USB flash drive is sector-by-sector cloned, it cannot work because the serial number of the new USB flash drive is different from the original.

Finally, there are other ways besides copy and print to duplicate original content. For example, in MS Word, you have to check if you can use transfer as a PDF or save to web. It is somewhat hard to control by using a custom file explorer, so the option might be available for unauthorized copy.

The second popular way for copy protection is using a custom file viewer. This solution offers a custom file viewer to access and view encrypted content, which is transformed as a PDF-like format. A USB flash drive stores the viewer and encrypted content. These kinds of solutions generally go with their own exclusive USB flash drives, which have serial numbers so that they can be safe from sector-by-sector cloning. There is not the concept of ‘master content’ for mass production and distribution and recognized as a relatively secure way of using software encryption to distribute a simple file.

The third way controls the functions of applications at the OS kernel level for copy protection. A USB flash drive stores the security policy for a user and the encrypted files to distribute. When the user puts the USB flash drive into a PC to view the files, an agent is installed on the PC that controls the user’s rights according to the security policy saved in the USB flash drive. In this method, all the original functions of the applications can be available, while copy, print, screen capture, and network transfer can be controlled according to the security policy. The file encryption and decryption process happen quickly during the application. It is proper to distribute complicated content which is consist of multiple files. Only Secudrive USB Copy Protection adopts this method. It requires a USB flash drive with its own unique serial number. It has the concept of ‘master content’ for mass production and distribution. It can update files after distribution. It is appropriate to distribute sensitive content, which can be used just like the original with hundreds or thousands of branches or partners in the enterprise. It is recognized as a relatively secure way using software encryption.

Meanwhile, Secudrive USB Office and CAD adopts hardware encryption using an encryption chip equipped in the USB flash drive, so that it can be perfectly suitable for distributing and sharing of sensitive corporate information through USB flash drives. Since the federal government and agencies are recommending using hardware-encrypted USB flash drives, it is certainly recognized as the most secure. In addition, it is possible to freely edit MS Office files containing sensitive management information and CAD files, such as AutoCAD and CATIA containing new product drawings, under copy-protection features. Moreover, the file activity in the USB flash drive can be monitored in real time through the internet. When offline, the logs are stored in the secure area on the USB flash drive, and they can be seen when the network is connected. When the USB flash drive is lost or stolen, the data on it can be destroyed through the internet. It will be useful when sharing proprietary information in small or medium groups. Of course, it is the most expensive.