SAN RAMON and LOS ALTOS, Calif., March 1, 2010 – Today, DeviceLock®, Inc., a worldwide leader in endpoint data leak prevention software solutions, and IronKey the leader in secure and managed portable computing solutions, announced the successful deployment of a layered data protection/encryption strategy by joint-customer Momenta Pharmaceuticals. The strategy encompasses encryption and control of any portable electronic devices (PEDs) allowed connection to its production network, relying on DeviceLock for endpoint port-device security, IronKey multifunction USB security devices and PGP® Whole Disk Encryption for securing files on laptops. Based in Cambridge, Massachusetts, Momenta Pharmaceuticals is a biotechnology company specializing in the characterization and engineering of complex drugs.
“Why encrypt a PC hard drive when you are going to allow the flash drive lying next to it to be unencrypted?” was the question that drove Tim Mugherini, senior manager of network infrastructure & security at Momenta, to take this comprehensive approach. “Our scientists are highly mobile workers, and our encryption and data security strategy had to account for the whole scenario of how they use and move data. They need to be able to access data from our network at all times of the day and at night. Also, they regularly collaborate with peers outside our company, and portable storage devices are an invaluable tool for them as they travel between venues to give and attend presentations,” Mugherini explains.
As a biotech innovator, Momenta Pharmaceuticals places high value on its intellectual property and keeping this data secure is a top priority. Protection of the Personal Identity Information (PII) of its employees and other Massachusetts citizens was another factor driving the data protection/encryption strategy. Deployment occurred well in advance of the March 1st deadline for Massachusetts’ new data protection and privacy law, MA 201 CMR 17, which mandates that all companies that store or use personal information about a Massachusetts resident must have a written, audited plan to protect it.
“Understanding the dynamic nature of attacks, we designed a security policy and infrastructure that applies universally to all data and all users,” explains Mugherini. “Our strategy is that every PC endpoint has a license for DeviceLock, all notebooks have PGP licenses, and each of our employees gets an IronKey multifunction security device. This gives us an across-the-board solution that protects all data stored by the company, whatever its use. We are now sure that the data leaving on our devices is encrypted, whether the contained files pertain to our next breakthrough drug or next week’s payroll. In all cases, protections are in place in the event that a device is lost or stolen.”
Unlike conventional USB flash drives and memory sticks, IronKey multifunction security devices provide intelligent secure storage with military-grade hardware encryption, strong, two-factor authentication and on-board security features. IronKey also includes technology on-board to prevent malware from infecting IronKey devices, and then spreading onto networks.
DeviceLock, through its robust white listing features, ensures that only Momenta-allocated IronKeys and other specifically approved devices are assigned per employee account. The use of any other device on managed Windows endpoints is restricted. Momenta took this approach to encryption at the device-level, because hardware encryption is more reliable and effective. Also, users may plug an IronKey device into any system available, and everything is self-contained.
“If our employees were carrying PGP-encrypted files on their USB devices, for example, and they needed to use an outside guest system to unload them for a presentation, the chances that the system would have the right software installed would be slim to none," continued Mugherini.
DeviceLock provides scalable, centralized, and easy-to-learn management and administration via a Microsoft Management Console (MMC) snap-in that natively integrates with the Group Policy Management Console (GPMC) in Microsoft Active Directory. A separate component, the DeviceLock Enterprise Server (DLES), is available for centrally collecting audit and shadow data automatically from managed endpoints. Highly-granular event logging and data shadowing configurations are supported for tracking and analyzing user actions on peripheral ports/devices, related system events and data transferred to approved peripheral devices. DeviceLock’s comprehensive mix of configurable policy parameters and options facilitates the definition and enforcement of a “least privilege” corporate IT security policy. With DeviceLock, IT security administrators are equipped to logically profile the business role of every employee, group or department with regard to their use of local PC ports and peripheral devices, keeping each to the minimal set of operations required to perform their role. This reduces the overall risk of data leaks and helps organizations to better comply with applicable IT security regulations and industry standards.
IronKey is the global leader in providing secure and managed portable storage, authentication, and trusted virtual computing solutions for mobile workers. IronKey multifunction portable security devices, management software and associated services are designed to meet the security, performance, and privacy standards of the most demanding enterprise and government customers. IronKey solutions range from IronKey Basic, the world's most secure USB flash drive, to the IronKey Enterprise Virtual Desktop solution for carrying a secure operating system and virtual desktop environment on a pocket-sized device. IronKey products are FIPS 140-2, Level 3 validated. Thousands of customers use IronKey, including Fortune 500 companies, enterprise organizations in financial services, healthcare and legal markets, as well as government agencies, including FEMA, NATO and DHS. For more information, please visit www.ironkey.com.
About DeviceLock, Inc.
Since its inception in 1996 as SmartLine, DeviceLock, Inc. has been providing endpoint device control software solutions to businesses of all sizes and industries. Protecting more than 4 million computers in over 60,000 organizations worldwide, DeviceLock has a vast range of corporate customers including financial institutions, state and federal government agencies, classified military networks, healthcare providers, telecommunications companies, and educational institutions. DeviceLock, Inc. is an international organization with offices in San Ramon (California, US), London (UK), Ratingen (Germany), Moscow (Russia) and Milan (Italy).