Federal cryptographic device certification for a USB drive containing a full Windows 8.1 workspace opens new possibilities for federal worker mobility and telecommuting, as well as another way of providing computer access to contractors.
Imation says its IronKey Workspace W700 is the first -- and so far only -- USB device to make the Windows to Go environment available with FIPS 140-2 Level 3 certification, which makes it suitable for a broad range of civilian and military government applications.
"That's the level we've been selling to the military for use when they are in the battlefield," said Mats Nahlinder, director of product management for IronKey. It means even if the device were lost or stolen, an adversary would not be able to gain access to the contents of the workspace.
When plugged into a PC (meeting at least the minimum hardware requirements for Windows 7), the device acts as a bootable drive, making it possible to boot a clean, trusted, and centrally managed computing environment onto a home computer or other non-government computer without worrying whether that computer might be infected with malware or otherwise compromised. Because the computing environment is self-contained, a computer booted in this mode accesses only the software environment contained on the USB, not the hard drive of the computer. The computer is used only for CPU, display, keyboard, and mouse. The gadget even works with some Macs (a mode Microsoft doesn't officially support but Imation does) and some tablets.
Imation has federal customers for its FIPS 140-2 Level 3 storage devices and has also sold a previous Windows 7 version of the workspace product to federal customers, Nahlinder said, although he declined to name them.
Microsoft introduced Windows to Go as an officially sanctioned deployment mode with Windows 8, and Imation adapted its product to match. The one government customer the firm has publicized for its Windows to Go product is Fairfax County, Virginia. Federal customers would not have been able to consider the product prior to its certification under FIPS, the Federal Information Processing Standards.
Federal Information Processing Standard Publication 140-2 is a certification program for cryptographic devices, at four levels of increasing rigor. In particular, it is concerned with making it hard to access the security key that could be used to access and decode the encrypted data stored on the device. FIPS 140-2 Level 1 is a basic level of cryptographic capability, essentially just meaning the device is capable of encrypting data to a minimal standard. Level 2, the minimum required for most civilian and military government applications, means that the device is designed to show evidence of tampering -- someone trying to gain access to the cryptographic keys stored on the device might have to break a physical seal, for example. At Level 3, the device must also be tamper-resistant, meaning that it is very hard to break open and may automatically wipe sensitive data if it should be breached. Level 4 represents an even higher level of protection.
Other features of the IronKey W700 include:
- Support for CAC/PIV, enabling active-duty military personnel, government employees, and federal contractors to unlock their IronKey Workspace W700 devices with their issued smart cards and gain seamless authentication to their desktops.
- Ruggedized, waterproof drives, built to military standards (MIL-STD-810F), with a virtually indestructible metal casing that protects against physical damage and has sealed components that defend against tampering.
- More than five times the minimum read/write performance required for Windows To Go Microsoft-certified devices.
- Military-grade security with hardware-based AES 256-bit encryption and strong authentication to keep data safe and secure.
- An IT-provisioned, managed, and secured workspace infrastructure that includes a startup assistant to help configure the computer system for automatic USB boot to Windows To Go, an easy-to-understand end-user interface, and self-help options with links to useful web pages.