In the modern workplace there’s increasing demand for people to be able to work remotely or bring their own devices into the office. That presents a problem for IT departments who need to deliver secure access to corporate data and ensure that everyone is using approved applications.
One way of allowing employees and contractors to use their own PCs but still ensure they’re running the approved corporate software is the IronKey Workspace. It’s a bootable USB stick that can be loaded with a corporate Windows image including applications, security controls and access policies. It will work on any reasonably modern PC and on some Macs too.
It’s the same size as a normal USB memory stick but a lot heavier – not for nothing does it have iron in its name – obviously designed to survive the rough and tumble of a life on the road. Provided your system is set up to boot from a USB drive it simply starts up from the IronKey rather than its internal drive.
Effectively the IronKey bypasses the host PC’s native operating system, in fact it’s purposely isolated from it in order to provide additional security. It uses a Windows To Go licence so businesses can use an IronKey for every existing Windows licence with no need for additional licensing. Since it’s using a solid state drive and it’s not encumbered by software that’s installed on the PC it runs quickly even on older machines. Our test sample came with Windows 10 installed, though 8.1 versions are available too.
The first time you boot from the IronKey there’s a short ‘preparation’ session then you need to re-boot again and it runs a normal Windows set up. This lets you select the language and set up Wi-Fi, then one more boot and you have the choice of using Azure AD or a domain to connect to a company network and you’re ready to go.
We tested the IronKey on a Lenovo laptop and there was little difference between the performance whether running from it or from the internal drive. It does feel a little odd to be using the machine without the noise of the hard drive whirring away though.
Once up and running you can still access most of the laptop’s features like the DVD drive and Bluetooth. The IronKey did a pretty good job of detecting our machine’s hardware, though we did have to tweak the display settings to get the right resolution and it couldn’t cope with the scroll part at the side of the trackpad, but neither of these are major issues.
The PC’s own hard drive is hidden from Windows when you’re running from the IronKey and on our 32GB version there’s around 20GB of space available on the device itself to allow you to store files and install programs. Higher capacity versions are available. It comes with the standard range of Windows software, Windows Mail, Media Player, Windows Defender, etc installed. In use it’s like any other desktop environment so you can access cloud based apps and services via a web browser.
The main reason for using something like this is to secure corporate information and provide a barrier between personal and work use of the same machine. When it’s running the IronKey’s LED is green and, as we’ve already pointed out, you can’t access the PC’s hard drive. Plug the device in while the PC is running its own OS and the LED turns red to show that the device is encrypted, it’s the IronKey that’s now hidden from Windows Explorer.
It has it’s own control panel that lets you set the device password and there’s the option to reset or self-destruct the device if it falls into the wrong hands. You can also set a custom ‘if found...’ message to display on the lock screen.
It’s hardware encrypted to keep its contents safe. Different versions of the IronKey are available with varying levels of encryption, the W500 tested here uses hardware encryption but there’s also a W700 which provides stronger encryption and access to a Federal Information Processing Standard (FIPS 140-1) validated workspace, plus there are W200 and W300 versions with BitLocker protection. The company says that the cryptography chip keys never leave the device and that it’s physically and logically impenetrable.
For IT managers the IronKey offers control over the ability to run business apps and the ability to remotely disable the device if need be.
The IronKey is aimed at IT departments who need to allow employees to telecommute, implement a BYOD policy, or give contractors access to systems. Because it will work on pretty much any PC that has the ability to boot from USB it’s also a good way of extending the life of older hardware, though performance is better if you have USB 3.0 capability.
It’s easy to use, and it offers impressive security features and the ability to keep itself separate from the host PC’s storage. It isn’t cheap at £166 for the 32GB version but then again it’s a lot less than buying a laptop.
More information is available on the IronKey website.