eWeek, May 11, 2004
USB Device Cuts Risk of Hoteling
| The Xkey from KeyComputing can block spyware, lock up after failed log-ins and otherwise improve the dicey experience of working from borrowed equipment.
|Hoteling is the practice of using borrowed equipment rather than taking your own. This is often done when IT doesn't want to provide laptops for every employee because most don't travel enough to need them.
If an employee visits a remote site, they are given a guest PC to borrow-connected to e-mail and a browser-and are left to get as much done as they can (mostly e-mail) while on their visit.
Employees are increasingly using PCs provided at industry events such as Comdex, in hotel business centers and in public kiosks at airports.
In all cases, the employee may be creating a significant security exposure: Their passwords may get cached, spyware (particularly key loggers) may exist on that borrowed public hardware, and files may remain on the systems after the employee leaves.
If that weren't bad enough, the process of getting access often requires a help-desk call, which in and of itself may represent not only an unneeded cost but an additional security exposure.
And there have been increasing concerns that kids, gaining access to their parents' companies through shared home PCs, could represent a growing threat. This belief is based on the knowledge that children often play pranks or, if bored, get into mischief.
With more and more children becoming capable of mining a home PC for its secrets and the frequent lack of parental supervision at home, there is a painful accident waiting to happen here as well.
KeyComputing, which is owned by M-Systems Flash Disk Pioneers Ltd. (the folks who make USB memory dongles), came up with a product called the Xkey that appears to be ideal for this problem. This offering looks like any other USB dongle on the outside, but inside it has a series of utilities that should mitigate this growing employee risk.
The Xkey has a secure Microsoft Exchange client for e-mail and a secure repository that can contain sensitive documents. It also runs a utility at the beginning and end of a session that blocks spyware (particularly key loggers) during use and removes all traces of the user's presence from the borrowed machine on exit.
Finally, the device contains a secure VPN so that users can get access to remote resources. This could be a simpler way to ensure that wireless users, even on the plant site, get both easy and secure access to the network without locking out guests. (Using VPNs and putting Wi-Fi access points outside the firewall is a widely recommended practice).
IT can set this up for each user, and the user needs to know only their ID and password to use the device. The date on the device is fully encrypted (128-bit), and the device uses 2-factor authentication to protect it.
On request, the device can be preset to permanently lock up after a preset number of failed log-in attempts. This renders the device useless but protects the data. Of course, this suggests that leaving this thing around a house full of kids, if that feature is active, will probably result in the device becoming a doorstop, but that is still much safer than the alternative.
Obviously, if you use a device like this, you should also back up the files on it to a secure corporate resource in case you lose the device. But given the risks we face on a daily basis, I'm increasingly wondering how we can justify not using more powerful ways to secure our traveling users.
Whether it is the Xkey or the Migo USB flash drive, which we covered a few months ago, you should be actively looking at ways to ensure that your traveling users don't become an increasing nightmare for your company.