Survey Reveals Employees Evade And Ignore Network Security Policies

Ponemon Institute and IronKey Announce Results of a Survey Showing Non-Compliant Behavior in the Workplace Puts Organizations at Risk

TRAVERSE CITY, Mich. and LOS ALTOS, Calif. - June 10, 2009 - There is a general lack of awareness and enforcement of security policies and procedures in companies today, according to new research announced by privacy and information management research firm, Ponemon Institute. The report, Trends in Insider Compliance with Data Security Policies: Employees Evade and Ignore Security Policies, was sponsored by IronKey, maker of the world's most secure flash drive, and examines the challenges facing IT professionals in securing confidential data.

Facts/Highlights:

* The majority of respondents admit to serious non-compliant workplace behaviors that place their companies at risk. Such behaviors include the insecure use of USB memory sticks, use of Web-based email, sharing passwords, turning off security settings and more.
* According to the study, 69 percent of employees surveyed said that they copy confidential or sensitive business information onto USB devices, while only 13 percent of respondents said their companies have a policy that allows this, showing a 48 percent non-compliance rate.
* 61 percent admitted to copying confidential or sensitive business information onto USB devices, and then transferring the information to another computer that is not part of the corporate network.
* Over half of the respondents said that they download personal Internet software to their company computers, which significantly increases the risk of introducing viruses, worms and other malware into an organization's network.
* 58 percent of the respondents said that their companies do not provide adequate training about compliance with data security policies, and about the same number said the data security policies are ineffective.
* Approximately half of the survey participants said their corporate data security policies are largely ignored by employees and management, and that the policies are too complex to understand.
* Compared with a similar study conducted by Ponemon Institute in 2007, the rate of non-compliant employee behavior appears to be getting worse over time.


Supporting Quotes:

"As mobile devices become more and more prevalent in the workplace, our research shows that policies and enforcement are not keeping up with the increased risk of a data breach," said Dr. Larry Ponemon, chairman and founder, Ponemon Institute. "Employees are under tremendous pressure to be highly mobile and productive, but they aren't being properly educated on the risks to data integrity; they are taking data outside of the organizational structure without complete understanding or awareness of the serious implications of a breach or misuse of sensitive information."

"This research highlights an urgent need for organizations to implement and enforce comprehensive policies for mitigating the risks associated with the storage and mobility of proprietary data," said John Jefferies, vice president of marketing at IronKey. "While organizations have made improvements in some areas, this study shows the lack of enforcement of data security policies, the need to automate enforcement where possible, and responsibility for organizations to invest in educating and training employees to help them understand the importance of compliance."

Methodology:

Trends in Insider Compliance with Data Security Policies: Employees Evade and Ignore Security Policies is a survey of U.S.-based end-users of corporate information technologies. Results were derived from 967 responses from a sampling frame of 17,021 (5.7% response rate).

To Purchase IronKey Products Visit http://www.ironprotector.com

Ironkey Partners With Synnex To Expand Distribution Throughout North America

Channel Distribution Agreement to Support Growing Demand for IronKey Products

LOS ALTOS, Calif. and FREMONT, Calif. – May 13, 2009 - IronKey, maker of the world's most secure flash drive, and SYNNEX Corporation (NYSE:SNX), a leading business process services company, today announced that SYNNEX will resell IronKey's products throughout North America. Under the terms of the agreement, SYNNEX will offer IronKey's complete line of portable storage products to its more than 15,000 resellers, greatly expanding IronKey's reach in the channel.

With a combination of security applications and management services, IronKey delivers unrivaled protection for its USB drives and the data stored on them. Available in 1GB, 2GB, 4GB and 8GB models, IronKey devices are easy to use, with no need to install software or drivers. All user data on an IronKey is encrypted with high-speed, military-grade hardware encryption.

"We are very pleased to partner with IronKey, a leading innovator in the portable device security market," said Steve Ichinaga, Senior Vice President, System Integration Division, SYNNEX. "IronKey's incredibly secure storage solutions deliver the comprehensive protection our partners and customers require for their critical information."

IronKey delivers unprecedented mobile data security to individual, enterprise and government users. IronKey Enterprise remotely manages thousands of IronKey devices while strictly enforcing security policies across these devices, all from a centralized administrative console. Its advanced management features including the Silver Bullet Service protect against data loss or tampering on lost or stolen drives by sending a remote self-destruct signal to the drive to permanently clear all data.

"Appointing SYNNEX will enable us to significantly expand our reach into the reseller channel," said Stewart Fox, vice president of sales at IronKey. "SYNNEX's experienced sales team and thousands of resellers will help us meet the growing demand for our unrivaled portable data protection solutions."

To Purchase IronKey Products Visit http://www.ironprotector.com

IRONKEY PARTNERS WITH CRYPTOCARD TO DELIVER TWO-FACTOR AUTHENTICATION ON IRONKEY SECURE USB DRIVES

Integration of Industry-Leading Authentication Server Provides Essential Security Tool for Enterprise Organizations Deploying Portable Security Devices

LONDON, (Infosecurity Europe Conference, Stand #L78) April 28, 2009 - IronKey, maker of the world's most secure USB memory stick, today announced a strategic partnership with CRYPTOCard, a leading developer of two-factor authentication technology, in order to integrate CRYPTOCard's trusted authentication technology with IronKey Enterprise USB devices.

All IronKey Enterprise devices now ship with CRYPTOCard One Time Password (OTP) technology, which provides a two-factor authentication for CRYPTOCard's BlackShield ID Authentication Server without the need for additional physical tokens. Integrating CRYPTOCard authentication with IronKey devices significantly reduces the time needed for enterprises to deploy and manage authentication.

"We are pleased to partner with IronKey to deliver an unprecedented security solution for the enterprise," said Neil Hollister, CEO, CRYPTOCard. "By embedding our token technology into the IronKey device, we are able to answer our customers' demands for a completely portable, two-factor authentication, remote access solution via a device they will be carrying anyway, and eliminating the need to carry a separate token. By including our unique 'one pin and you're in' software solution, user access to their remote network or Web application is as simple as it is today, but with key risks mitigated."

IronKey is leading the emerging market for all-inclusive Portable Security Devices (PSDs) that provide secure storage along with a range of active security features. Comprehensive layers of protection on IronKey Enterprise devices include hardware encryption, strong authentication, secure Web browsing, identity management and malware protection.

"Enterprise organizations need to enable workers with the convenience and flexibility of anywhere, anytime access while ensuring that it is done securely," said Steve Ryan, senior vice president of business development at IronKey. "The integration of CRYPTOCard's technology with the IronKey enables us to provide comprehensive security and personal value to enterprise users on one convenient, easy-to-use, converged device combining secure storage with strong authentication."


To Purchase IronKey Products Visit http://www.ironprotector.com

IRONKEY INTRODUCES CLOUD COMPUTING REMOTE MANAGEMENT DASHBOARD SERVICE FOR MANAGING SECURE USB DEVICES

New Features and Enhancements Improve Ease of Use, Management and Security For Large Enterprise Deployments of the
World's Most Secure USB Flash Drives

SAN FRANCISCO, Calif., (RSA Conference, Booth #2433) April 20, 2009 - IronKey, maker of the world's most secure USB flash drive and portable security device, today announced the launch of its enterprise remote management cloud computing dashboard service for IronKey Enterprise flash drives. The latest version of the IronKey Enterprise management online service combines industry-leading security features with enhanced tracking and auditing capabilities, as well as a consolidated dashboard view that provides unprecedented visibility into user location, device status and usage.

The IronKey Enterprise Managed Security Service provides unparalleled centralized management of IronKey devices over the Internet, including software and service provisioning, device usage monitoring, policy enforcement, anti-malware signature updates, password resets and remote destruction. IronKey Enterprise includes enterprise network support, enabling automatic detection of enterprise network settings such as proxies and firewalls. This improves usability, particularly for users who frequently move between enterprise sites and remote locations. The new dashboard service provides a plotted map that displays all the locations where users have accessed their devices, and visually locates them by host IP, country and city.

IronKey Enterprise now includes the IronKey Identity Manager, representing a major step in establishing IronKey's leadership in the Portable Security Device market. IronKey's Identity Manager software is pre-installed on IronKey devices, and provides convenient and secure one-click access to all of a user's online passwords. The new Identity Manager also protects against phishing sites and keystroke capturing malware. Integration with VeriSign® Identity Protection (VIP) services provides true two-factor authentication to VIP Network member websites such as eBay and PayPal. Additionally, the Identity Manager's on-screen virtual keyboard eliminates the need to type passwords on a physical keyboard, providing an added level of protection against key loggers.

"Enterprise organizations realize the importance of comprehensive security and management for their portable storage device deployments," said John Jefferies, vice president of marketing at IronKey. "These new features enable large organizations that manage thousands of IronKey Enterprise personal security devices to efficiently protect and track these USB devices. It reflects the functionality our enterprise customers require, and delivering it in a SaaS model also makes it accessible for small- and medium-sized businesses and even work groups."

Updates to the IronKey Enterprise Management Services will be made available through customer management accounts on my.ironkey.com. Downloads for devices that have already been deployed are available through the IronKey device Control Panel. For more information, please visit www.ironkey.com.

To Purchase IronKey Products Visit http://www.ironprotector.com

IRONKEY INTRODUCES NEW IDENTITY MANAGER SOFTWARE WITH VERISIGN IDENTITY PROTECTION (VIP) ONE-TIME PASSWORD SERVICE

Personal Security Device Integrates VIP Credential to Provide Two-Factor Authentication to Online Accounts, Preventing Account Takeover by Phishers and Cyber Criminals

SAN FRANCISCO, Calif., (RSA Conference, Booth #2433) April 20, 2009 - IronKey, maker of the world's most secure flash drive, today announced that its next generation of IronKey Personal and IronKey Enterprise flash drives include a powerful new Identity Manager software, which extends the capabilities of its current Password Manager with built-in VeriSign® Identity Protection services. This combination enables true two-factor Internet authentication for users that log into VIP Network member websites, including eBay and PayPal.

With the IronKey Identity Manager software and the VIP credential on the IronKey drive, users benefit from convenient personal identity protection and secure access when visiting VIP Network member websites. By binding their user account to their IronKey device, consumers can prevent cyber criminals from taking over their online accounts. To log into their accounts, users need their username, password, and the VIP credential on their IronKey device. This means that cyber criminals can no longer use a stolen username or password to take over these online accounts.

"Consolidating encryption, identity management, secure authentication and secure Web browsing on a single device not only improves usability, it makes it easy for consumers to remain protected online," said David Jevans, CEO at IronKey. "The direct integration of a VIP credential is a natural extension to the inherent security of IronKey devices, and reinforces our commitment to online identity protection."

The IronKey Identity Manager provides secure one-click access to passwords, delivering convenience and protection against keystroke capturing malware. With the my.ironkey.com service, users can safely backup their passwords online and, if they lose their IronKey device, they can securely restore their passwords on a new Ironkey drive. IronKey's virtual keyboard eliminates the need to type passwords on the physical keyboard, providing an additional level of protection against key loggers.

"Consumers today enjoy the convenience of online banking, shopping, medical and other services, and they absolutely recognize the importance of protecting personal online information and identities," said Jeff Burstein, VIP product manager at VeriSign. "Deploying VIP credentials on IronKey USB devices makes it convenient for consumers to protect their digital identities and avoid online fraud using one credential to span the entire VIP Network."

Consumer identities are vulnerable. The more places personal identity information is stored, the higher the chances of identity theft. When used with the VIP Authentication Service, VIP credentials provide consumers with an easy-to-use, cost-effective way to protect their identity online. With the VIP credential embedded on an IronKey device, consumers carry one device for all their data and identity protection needs.

IronKey secure USB drives provide comprehensive layers of security to create secure portable computing environments that encrypt and protect data from loss or leakage, prevent the spread of malware and enable secure Web browsing. IronKey Personal drives are available in 1, 2, 4 and 8 gigabyte capacities, and can be ordered online at www.ironkey.com and through numerous online retailers. Prices start at $79, and include one year of IronKey Internet protection services with the device.

To Purchase IronKey Products Visit http://www.ironprotector.com

IRONKEY AND VIGIL SOFTWARE LIMITED SIGN UNITED KINGDOM DISTRIBUTION AGREEMENT

IronKey Enterprise Secure Memory Sticks with Remote Management to Protect Critical Enterprise & Government Data for UK Businesses and Government Agencies

LOS ALTOS, Calif. and LONDON, UK - Feb. 11, 2009 - IronKey, maker of the world's most secure USB flash drive, and Vigil Software Limited, a UK specialty security distribution company, today announced that Vigil will resell IronKey Enterprise products into the UK market. IronKey Enterprise brings unprecedented mobile data security to enterprise and government organizations by combining the world's most secure hardware-encrypted USB memory stick with the world's most powerful USB remote management solution. IronKey Enterprise remotely manages thousands of IronKey devices over the Internet while strictly enforcing security policies across these devices, all from a centralized administrative console.

"We are pleased to be able to sign a best of breed vendor like IronKey," said Alex Teh, founder and commercial director of Vigil Software. "IronKey perfectly complements our existing endpoint security solutions with a viable cross-platform model for mobile data security. It provides our customers with a FIPS 140-2, Level 2 compliant, hardware-based encryption device. The IronKey Silver Bullet Service allows our customers to manage the drives like no other product – even remotely destroying them if they are lost or stolen."

Insider threats, data breaches and electronic fraud are serious threats in enterprise environments. The small size and enormous storage capacity of USB storage devices compounds these risks. Physical loss or theft of unprotected devices exposes intellectual property and confidential data to unauthorized access. IronKey Enterprise is a solution that provides unparalleled centralized management of these devices including data recovery, device re-provisioning, usage monitoring, policy enforcement, content updates, password resets and remote destruction.

"We are dedicated to working with strategic channel partners who are proven leaders in bringing cohesive security solutions to their customers," said Jon Fielding, EMEA sales director at IronKey. "Vigil's focus on industry-leading security offerings helps to satisfy today's increasing requirements to protect information, comply with legislative regulations and improve productivity which makes IronKey Enterprise a natural addition to its portfolio."



To Purchase IronKey Products Visit http://www.ironprotector.com

IRONKEY UNVEILS ENTERPRISE SERVER TO PROVIDE COMPREHENSIVE MANAGEMENT OF USB FLASH DRIVES

World-Class Management Service Now Available as Virtual Appliance or Hosted Solution Enabling IT Organizations to Control and Track Fleets of Secure USB Devices

LOS ALTOS, Calif., Jan. 28, 2009 - IronKey, maker of the world's most secure flash drive, today announced the launch of IronKey Enterprise Server, an innovative and highly-scalable solution for managing IronKey Enterprise flash drives. IronKey Enterprise Server brings unprecedented mobile data security to enterprise and government organizations by combining the world's most secure USB flash drive with centralized management, remote administration and policy enforcement. Based on the proven IronKey hosted services architecture, IronKey Enterprise Server comprises a robust, policy-driven management environment that scales to thousands of users.

"Due to the highly sensitive and confidential information the Department of Homeland Security (DHS) deals with, we have extremely strict requirements and standards for the technology products we approve," said Kenneth D. Rogers, Chief Information Officer, Science and Technology Directorate of DHS. "We simply cannot expose our sensitive information to the risk of loss or theft, nor allow our systems to be compromised by malware. As one of the first customers of IronKey, it is the only drive we have the confidence to authorize for use in the agency. Having the USB management service available as a server enables us to retain administrative control, while remaining compliant with regulations restricting outside hardware hosting."

Identity theft, data breaches and electronic fraud are serious threats in enterprise environments. The small size and enormous storage capacity of USB storage devices compound these risks. Physical loss or theft of unprotected devices exposes intellectual property, confidential and proprietary data to unauthorized access. IronKey Enterprise Server is a software solution that provides unparalleled centralized management of these devices including data recovery, device re-provisioning, usage monitoring, policy enforcement, content updates, password resets and remote destruction.

"Hardware data encryption for USB devices is a good first step for protection, but in the enterprise environment, centralized management and tracking are also necessary in meeting audit and regulatory requirements," said John Jefferies, vice president of marketing at IronKey. "Our customers now have the choice of using the hosted service or implementing the Enterprise Server. Either way, they gain control and are able to reduce the inherent security risks and demonstrate compliance."

All IronKey Enterprise flash drives are configured for secure remote management by an administrator who establishes security policies that are downloaded onto each IronKey. Advanced management features including the exclusive IronKey Silver Bullet Service protects against data loss or tampering on lost or stolen drives by sending a remote self-destruct signal to the drive to permanently clear all data.

To Purchase IronKey Products Visit http://www.ironprotector.com