IronKey
Technology - Remotely Managed
The World's Most Secure Flash Drive
Each
IronKey Enterprise drive has the built-in capability to be
managed centrally and remotely by policies that define how
the drive is configured and how it can be used. IronKey
management makes it possible to deploy large numbers of
devices in a consistent and controlled fashion.
Centralized and Remote
Each time an IronKey Enterprise device is unlocked it will load a set of policies from a resident file in a protected area of the drive. The policy file is updated during each use through the host PC's network connection, assuming the network is available. Thus an organization can define, distribute and update policies for IronKey drives even if the drives are already deployed in the field.
Customizable, Policy–based Controls
The IronKey Enterprise solution allows an organization to define and enforce role-based policy rules for how drives are configured, determining whether users have access privileges to an IronKey drive, and to specify what authorized users are allowed or required to do—or are restricted from doing.
IronKey policies include settings for:
- Assigning Entitlements for both administrators and end users—including a requirement for second approval of new admin accounts
- Enforcing Security Policies that cover requirements such as password strength, malware scanning frequency and inactivity timeouts
- Configuring Device Software Policies that control which of the applications that come bundled with IronKey drives are enabled for which group of users
- Setting Rules for restricting access to IronKey devices if network connectivity is unavailable or the network is not trusted
Your organization can have an unlimited number of policies. Every time an existing policy is modified, a new version of that policy is created (e.g., Policy 2.001, Policy 2.002). All changes in the administrative console will be archived, and an easy-to-use dashboard shows who made what changes, when they were made, and which user accounts were affected.
Silver Bullet Services
IronKey Silver Bullet Service provides a simple and effective method of remotely over-riding a user's device policy in the event their status or the status of the device changes. For example, if an employee is terminated from the organization, their device policy can be temporarily disabled until it is returned. In the event the device is lost or stolen it can be sent a self-destruct sequence, which will perform a complete erase of the data and the device keys.
Lifecycle Management, Tracking and Reporting
The IronKey Enterprise Remote Management service streamlines the process of provisioning devices for large groups of users and even provides capabilities for device recovery if employees lose passwords. IronKey Management also allows for reprovisioning devices to new users in the event of employee transfers and/or departures.
The IronKey Management Console provides a dashboard that makes it easy to view summary graphs and reports about user activity or administrator activity, as well as status reports about deployed devices.
Antivirus Scanning Service
In addition to onboard active anti-malware defenses, IronKey Enterprise drives offer an onboard malware/AV scanning engine (as a policy-controlled option), which will scan each file on the drive every time the drive is unlocked, or at a policy-scheduled interval.
Surfing the Web Safely
For organizations with mobile users who sometimes access the Internet at public wireless locations such as airports, hotels and coffee shops, the IronKey Secure Sessions Service provides a Trusted DNS source and an infrastructure managed by IronKey that will safely route the user to their intended destination website. The Secure Sessions Service prevents against man-in-the-middle attacks by rogue wireless access points while also checking to make sure that the eventual destination is not a known phishing site.
Enhanced Authentication
Beyond simply protecting the privacy of users' data, an IronKey drive can also play a dual role as a strong, two-factor authentication device for One-Time Password or client-side x.509 Digital Certificate Authentication.
Through policy controlled applications, IronKey devices can be configured with any of the following:
- An Identity Manager application that can serve as an alternative to Single Sign-on by securely managing multiple accounts and passwords on the device
- A RSA SecureID or CRYPTOCard Soft Token on the drive
- A customized version of Mozilla Firefox that will provide mutual authentication to an appropriately configured website