NEW - IDC WebcastFree E-NewslettersRSS Feeds | Site Map
Security Resource CentreBusiness Value of TechnologyMunicipal Centre
SearchSearch
Tips
Policy
HR
Registration
Program
Collaboration
Technology
Slice by Program
Technology < Government Technology Regulation < McAfee and MXI Security share encryption technology for government devices

McAfee and MXI Security share encryption technology for government devices

By: Jennifer Kavur, Computer World Canada(Aug 08, 2008 09:00:00)

Security giants MXI Security and McAfee are solidifying a partnership to jointly deliver secure portable devices and management software to government agencies.

The announcement happened to coincide with the public release of a U.S. Government Accountability Office (GAO) report stressing the need for federal agencies to increase their encryption efforts.

New products and services haven't been announced, but combined solutions are already available in the form of a USB flash drive, portable hard disk and centrally controlled management software. Offered by each respective company under unique product names, the devices share the same hardware and software.

McAfee's Zero Footprint Bio is a re-branded version of MXI's Security Stealth MXP, a zero-footprint USB flash drive with transparent hardware-based AES 256-bit encryption. Both carry FIPS 140-2 Level 2 validation certificates and feature three-factor (biometric, password and device) authentication. Numerous cryptographic services and digital identity features are included.

MXI's Security Outbacker MXP portable hard disk also carries hardware-based AES 256-bit encryption, zero-footprint software, three-factor authentication as well as digital identities and crypto services. McAfee users will find the equivalent in McAfee's Encrypted Hard Disk.

Unlike the FIPS-validated Security Stealth MXP, the Security Outbacker MXP is currently in the FIPS certification process. U.S. federal agencies are required by the Office of Management and Budget (OMB) to encrypt sensitive data on mobile computers and devices approved by the National Institute for Standards and Technology (NIST). The most current series of government computer security standards issued by NIST is FIPS 140-2.

The Security Stealth MXP and Security Outbacker MXP are centrally manageable through MXI's Access Enterprise software suite. Similarly, McAfee's Encrypted USB Manager (formerly SafeBoot for USB Enterprise) ensures the Zero Footprint Bio and Encrypted Hard Disk comply with agency policies and procedures.

But according to the GAO June 2008 Information Security report, "While many technologies to encrypt data exist, implementing them incorrectly - such as failing to properly configure the product, secure encryption keys or train users - can create a false sense of security and even render data permanently inaccessible."

The report, which looked at the encryption efforts of 24 federal agencies, states, "From July through September 2007, the major agencies collectively reported that they had not yet installed encryption technology to protect sensitive information on about 70 per cent of their laptop computers and handheld devices. Additionally, agencies reported uncertainty regarding the applicability of OMB's encryption requirements for mobile devices, specifically portable media."

Agencies appear to devote more attention to encrypting sensitive information transmitted over networks and less attention to portable storage devices. According the report, "b&six agencies reported having other storage devices, such as portable storage media, that could contain sensitive data. Of the six agencies, four had not encrypted these additional devices. Further, officials at one agency had no plans to encrypt sensitive data contained on their portable media."

Obstacles to proper implementation, from the agencies' perspective, include high costs, user acceptance and training, managing encryption keys, lack of interoperability for cross-agency collaborations and readying IT infrastructure.

"One thing that might be happening is that the departments are buying these products because they are FIPS validated, but not understanding how to operate these products in a FIPS-validated mode," said Larry Hamid, CTO of MXI Security. "You wouldn't necessarily understand how to do that unless you dug deeper into the security policies that accompany FIPS validation. You have to worry about things like, 'Where are your keys stored? How do you authenticate in order to unlock the encryption keys?'"

"Some of these products also have software components and unless you're using those software components, you may not be applying the proper security," said Hamid, who pointed to users placing files on USB flash drives without being obligated to run the encryption software. "This may be just because the user wasn't told how to use the device properly or that they know how to use it, but they just didn't have the time to run the software, which is quite often what happens when the security is a little cumbersome to use."

"One of the advantages of our technology is that we have full transparency in our encryption," Hamid continued. "So when you plug the device in, you have no choice but to first of all authenticate to the device. If you can't authenticate, you can't use the device. Once you've authenticated, your drive is fully encrypted. No matter what you do, there's no opportunity for the user to either accidentally or on purpose circumvent the security. It's so simple that the user can't make a mistake."

"The validation of our product covers the entire product, including all of the internals, the hardware, the enclosure and all the servicesb&all you need to do is plug it in and start using it. You don't have to worry about whether you are using it in a FIPS-validated mode or not because you always are. There's no configuration outside of perhaps the password policies that the organization would want to put on the devices and they can do that with our management software."

The Canadian government has varied legislation and policies on encryption. "In the case of policies, the Government Security Policy and the Management of Government Information (MGI) Policy are in place to manage and protect its information holdings," said Pierre-Alain Bujold, media relations strategist at the Treasury Board of Canada Secretariat.

For example, if a device has wireless capability, it can't be used to store sensitive data. "One of the things these policies say is that wireless devices must not be used for communicating or storing confidential or sensitive information," said Bujold.

Related content:

Opinion: Cryptic Reading

Data encryption fuelled by data breaches, regulations

U.K. defence department adopts encryption after data breaches

FBI in the dark about its own lost laptops

Top 10 security traps

Bookmark on:del.icio.us| Digg it| Furl| Google| Technorati| StumbleIt| Yahoo!
Have something to say about this article?
Add a new commentLetter to the Editor
Find an inappropriate comment? You can notify the moderator by clicking the Report an innapropriate comment icon.
ADD A COMMENT
Name:*Your email address will not appear online and will be used only in the event that the editor wishes to contact you personally for additional comment.
City:
Email:
Title:*
Comment:*
* required fields
Technology < Government Technology Regulation < McAfee and MXI Security share encryption technology for government devices
Blog Spotlight: Sandford Borins
Sandford Borins

As Professor of Strategic Management at the University of Toronto, Sandford Borins brings InterGovWorld.com readers exclusive insights into how and why the public sector is changing. You'll find new perspectives and questions, observations and objectives, lessons and answers. Cover to Cover, the blog by Prof. Sandford Borins, appears every Thursday.

Inside Cover to Cover

Unified Communications
Data Defence

Unity is a word often heard in the public sector, with myriad agencies and departments looking to foster collective thinking around some of today's most pressing issues. The word, however, doesn't usually get mentioned in the same breath as technology. That's a situation, though, that might soon be changing, thanks to a new software platform known as unified communications.

Inside the latest issue of CGR

More Resources
Driving innovation through effective service management
Driving innovation through effective service management
This white paper discusses how a service-oriented governance framework can help ensure that IT decisions are consistent with business vision, values and strategies-and that IT delivers maximum value to the business. Complimentary with registration.
Download it now
IT Service Management Solutions and the service desk
IT Service Management Solutions and the service desk
This white paper presents the capabilities of IBM Tivoli CCMDB, and describes how Tivoli CCMDB extends the value of the service desk and integrates other essential ITIL processes in support of IBM Service Management. Complimentary with registration.
Download it now
Stalled PCI DSS compliance efforts put Canadian organizations in limbo: Hereb�s how to get back on track
Stalled PCI DSS compliance efforts put Canadian organizations in limbo: Herebs how to get back on track
You might have long ago abandoned your efforts to achieve full PCI DSS compliance, but herebs a report that offers some helpful ideas to get back on track again. It highlights the five bsticking pointsb that typically hinders PCI DSS compliance progress and suggests how to get unglued from the mess.
Download it now
Advertisement
2007 Salary Calculator
Knowledge Centres at a Glance
Policy
OPINION: Is ignorance of the law a design goal?
Registration
Voting groups release guidelines for e-voting checks
Program
Ten years after, Ontario still waiting for unified children's aid system
HR
20 amazing, amusing and alarming IT facts
Collaboration
Twitter launches election site to tap election "Tweets"
Technology
Electronic voting machines still not secure
White Papers
Closing the data privacy gap: Protecting sensitive data in non-production environments
Prepare for a more efficient SAP implementation: Take data issues off the critical path
Unlock the potential of data with the right data warehouse solution
IBM Multiform Master Data Management: The evolution of MDM applications
read more white papers
New blog entries
Thoughts of the day
Rate my public servant? Right on!
Customer feedback, citizen feedback: Two contrasting stories
Le Francais dans les Airs: Digitizing a Legacy
Stand up for Canada's public service: An open letter to Kevin Lynch and Len Edwards
While Austan Goolsbee is no Austin Powers, maybe Stephen Harper is Doctor Evil
This week's top stories
Most popular stories of the week
Demographics pose pressing dilemma: Renew or reinvent
Aussies take their cue from Canada on breach notification
Recording everything in the workplace soon to be in vogue, say researchers
Government of Alberta launches public health action plan
Putting e-mail intelligence to work
Readers write back
Comments from Intergovworld readers
Canadian governments engage in e-waste clean up
Federal privacy chief urges law revamp
Seven ways to kill innovation
Ontario Ministry of Health modernizes data transfer system
Toronto pet owners safe from Patriot Act
Government to government
Inside the public sector machine
Public utility's bare insecurities
Online crime fight needs more than law enforcement
Environment Canada opens up to open source
Government overconfident on security, says analyst
Shared services raise governance challenges
Government to business
P3: Public-private partnerships
Advocates say online privacy policies need work
GTAA gets its cabling challenges under control
Open source gaining traction in U.S. government, says survey
Government needs to be stronger advocate for health IT, say experts
Canadian governments engage in e-waste clean up
Government to citizen
e-Government service transformation
Canadian governments engage in e-waste clean up
Canadian municipalities sign up for eUniversity
Exclusive: PWGSC launches recruitment campaign to bridge baby boomer gap
Feds fend off cyber crime with funding schemes
Wi-Fi growth fuels video surveillance adoption
Blogs
Browse Blogs By:
Blogs by Topic
Blogs by Author
read all InterGovWorld Blogs
WiFi Hot Spot Finder
Upload Centre
Upload Your Documents
Contribute and share with your peers by uploading:
- Initiative updates
- White Papers
- Job Links
- Events
- Other
Upload Centre
Download Centre
Most popular downloads:
Download More Documents
Download:
- Initiative updates
- White Papers
- Job Links
go all downloads
Subscription Services
Manage your InterGovWorld.com account!
Change your account information, password, e-mail address, and existing e-newsletter subscriptions.
Change or update your existing subscriptions
Change your e-mail address
Site Feedback Survey
Tell us what you think of InterGovWorld.com!
take the survey
FUN SurveyFUN Survey
Take the one-minute Family Unit Networking survey!
Take The Survey
IT Salary Survey IT Salary Survey
Take the IT Salary Survey '06 Today
Take the survey now!
Career Resources
InterGovWorld provides links to resources for government job seekers and current employees, including: current job postings, job search strategies, career options and training, and employee rights, provided by all levels of government from everywhere across Canada.

How to apply for a job in the federal Public Service
Public Service Commission of Canada
Provincial and Territorial government job opportunities
Service Canada
City and Municipal jobs in Canada
Jobs in Canada
Identify and research your career options
Service Canada
HR planning and accountability
Public Service Human Resources Management Agency of Canada