SPYRUS Windows To Go Devices
The cornerstone of the secure
mobile workplace.
BYOD Win 8.1 delivers the flexibility,
power and security for the mobile
workforce.
Approved for UK Government and Public Sector
use as of October 2014.
BYOD with Microsoft Windows 8.1 is now a reality for UK Government and Public Sector
organisations.
Guidance published by CESG and the Centre for the Protection of National Infrastructure for deploying
BYOD with Microsoft’s Windows 8.1 operating system now allows UK Government and Public
Sector organisations to take advantage of the Microsoft Windows To Go (WTG) technology. The
publication also provides valuable security guidance to commercial organisations.
Ref : https://www.gov.uk/government/publications/byod-guidance-windows-to-go/byod-guidance-windows-to-go
SPYRUS is the leading vendor of both standard and encrypting WTG devices, with four products
certified by Microsoft. These devices enable organisations to deploy Microsoft’s Windows 8.1
Windows To Go today, providing security, an unrivalled feature set and good value.
SPYRUS Microsoft Certified WTG Drives
Ref : http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/devices/windowstogo.aspx
SPYRUS provides a number of BYOD Win8.1 Microsoft certified WTG
drives with varying memory and capabilities from 32GB to 256GB, all with
the option of supporting “Secure Boot”. See SPYRUS WTG Drives for more
details on the available configuration options.
Secure Boot
The guidance defines Secure Boot as an important component of the security architecture of a BYOD
device.
Ref : https://www.gov.uk/government/publications/byod-guidance-windows-to-go/byod-guidance-windows-to-go#summary-of-platform-security
Ref : https://www.gov.uk/government/publications/byod-guidance-windows-to-go/byod-guidance-windows-to-go#how-the-platform-can-best-satisfy-the-security-recommendations
Ref : http://technet.microsoft.com/en-gb/windows/dn168167.aspx
The SPYRUS WTG devices support “Secure Boot”. The SPYRUS “Toughboot” loader is signed by
Microsoft and meets all “Secure Boot” criteria. Additionally, a SPYRUS WTG device can be configured
to boot only on UEFI platforms where “Secure Boot” is enabled, such that the “Secure Boot” checks
are ALWAYS in effect when the SPYRUS WTG device is booted. The SPYRUS “Toughboot” implements
numerous other integrity checks, hardware and software, before the Windows 8.1 operating system
is loaded. The “Toughboot” features are unique to SPYRUS WTG devices.
Assured Data at Rest
Ref : https://www.gov.uk/government/publications/byod-guidance-windows-to-go/byod-guidance-windows-to-go#how-the-platform-can-best-satisfy-the-security-recommendations
The SPYRUS hardware encrypting drives use on-board hardware security infrastructure that includes
AES CBC/ECB, ECDH, ECDSA, ECC P-384, and SHA-384, which together make up the US Government’s
Suite B cryptography, part of its cryptographic modernization program. SPYRUS is the only WTG
vendor to use the XTS-AES 256 sector-based encryption mode recommended for full disk
encryption by NIST SP800-38E and IEEE 1619, and ECDH P-384 for key exchange.
All data encryption is performed in the tamper-resistant, epoxy-coated cryptographic hardware. The
access password is never stored on the device, in software, or on a host computer, even in
encrypted or hashed form. This safeguards the keys, passwords, and encrypted data from physical
attack at all times, whether or not the WorkSafe Pro or Secure Portable Workplace is connected to a
host computer.
Authentication
Ref : https://www.gov.uk/government/publications/byod-guidance-windows-to-go/byod-guidance-windows-to-go#how-the-platform-can-best-satisfy-the-security-recommendations
The SPYRUS hardware encrypting drives provide strong password mechanisms, enforcing password
complexities and configurable behaviour to protect against password attacks.
In addition, one of the unique competitive features that the SPYRUS WorkSafePro BYOD device
provides is that it has a built-in FIPS 140-2 Level 3 smart card chip. This means that the SPYRUS WTG
device can act as a secure authentication device on its own, in addition to being used as a Win 8.1
WTG device. Use the device’s standalone smart card capability and cryptographic features in
applications such as Secure Mail, VPN, Site Access, Logon, Code Signing, Web Authentication, Digital
Signing, etc.
BitLocker
Unlike some WTG drives, the SPYRUS WTG hardware encrypted drives can be used in combination
with BitLocker.
Ref : https://www.gov.uk/government/publications/byod-guidance-windows-to-go/byod-guidance-windows-to-go#how-the-platform-can-best-satisfy-the-security-recommendations
This means that the data stored on the device can be afforded two layers of Data at Rest protection.
One layer provided by the inherent cryptographic features of the SPYRUS device and the second
layer provided by BitLocker. BitLocker keys are protected in the hardware encrypted compartment
on the SPYRUS WTG device.
Reset Write Protect Read Only Mode Option
In order to support VDI and “Portal Applications”, where a client device only provides an access and
viewing capability and no data is permanently persisted on it, the SPYRUS WTG device can be
configured as “Read Only”. In this mode, data can be downloaded and worked on locally; however,
as soon as the SPYRUS WTG device is shut down, the data on the device is gone. This unique SPYRUS
feature is ideal for organisations that have a “Data at Rest” policy, which excludes storing data on
connected client devices.
Provisioning
Ref : https://www.gov.uk/government/publications/byod-guidance-windows-to-go/byod-guidance-windows-to-go#provisioning-steps
SPYRUS provides a set of provisioning tools called the SPYRUS Deployment Suite. These tools allow
the configuration of ALL the SPYRUS features available on the drive, from the “Secure Boot Only”, to
creating the “Read Only” mode of operation. SPYRUS also offers scripts that have been integrated
with Microsoft’s SCCM technology for Enterprise provisioning and global deployments.
Device Management
The SPYRUS Enterprise Management System (SEMS) enables enterprise-wide management of
SPYRUS USB encryption devices. From a central management point, administrators can remotely set
and enforce security policies, monitor device transactions, disable and enable logon capability, and
destroy the encryption keys and data on devices. SEMS is a critical component of any BYOD
deployment, ensuring that the appropriate action can be taken if a device and its data are
compromised.
Ref : http://www.spyrus.com/products/sems.html
Partners
Our partners are able to assist organisations in deploying Windows 8.1 on SPYRUS WTG devices.
They can assist in the construction of a Windows 8.1 image conformant with the guidance, set up the
provisioning mechanism (SCCM, etc.) and selected device security features on the SPYRUS WTG
devices, set up and configure SEMS device management, and provide ongoing support for the BYOD
deployment process.
SPYRUS WTG technologies Information - Ref : http://www.spyruswtg.com/wtg-features/#WTG