Solutions for Portable Security

Teleworking enables flexibility in the workplace for employees by offering flexible work locations and to some extent, flexible working hours. Working from home is the most common scenario and offers many potential benefits to employees, employers, and to society in general including:

• Reduced commuting times and costs
• Better balance of work and family
• Improved motivation
• Better employee retention
• Reduced office space costs
• Improved continuity of operations (during disasters, pandemics, relocation)
• Fuel savings and lower CO2 emissions
• Less traffic congestion and fewer automobile accidents

Boot-from-USB solutions are getting serious attention from organizations who are considering various teleworking technology options. Convenience, security, and further cost savings are envisioned as employees can use their home computers with a secure USB device rather than having to be issued a managed laptop. However, the type of boot-from-USB solution that is chosen can have a great impact on the productivity of the teleworker and hence the bottom line of the teleworking arrangement.

While the benefits for teleworking are significant there are also challenges that both the teleworker and the employer will face. When at home, the teleworker is going to be physically isolated from co-workers, and will need to rely on being digitally connected. This is a big impact on communication and directly affects the ability to convey ideas and interact with others. A study by the Journal of Applied Psychology (http://hartfordbusiness.com/news2961.html) also advises that the positive effects of social interaction are important factors for employee happiness, loyalty, and productivity.

I see the effects of good communication technology every day. My kids prefer to connect to their friends on video whenever they have the opportunity rather than using IM or email. At MXI Security, videoconferencing is a tool we use regularly to connect remote offices for meetings. It will be very important for effective teleworking to be able to interact with co-workers using all forms of collaboration technologies; web conferencing, video chats, shared desktops, etc. In addition to communication technologies, it is vital to have a good computing experience for the teleworker, meaning that he has access to as many applications as needed and that they perform well. The last thing you want to do is increase the frustration level of your isolated employee.

What does this have to do with boot-from-USB? My argument is that booting into a native OS (such as in Stealth ZONE Microsoft Windows Embedded Standard Edition) is a key technology for successful teleworking. Let’s take a look at why.

Boot-from-USB into a native OS (rather than a virtualized or remote access solution) offers direct access to the hardware resources of the host machine which has many positive implications. First, you will have access to the host machine sound and microphone so that teleconferencing is an option without relying on the availability or expense of the user’s home phone. You will have good native graphics performance. This means your employee won’t have to wait for the screen to scroll as he is browsing or working on documents. He will be able to use his applications at full resolution so he can view two documents at once instead of one. He will be able easily to use his graphics tools to sketch up ideas and share them. Applications will be able to use all of the available CPU power and memory which means more applications can be run and they will be faster (some heavy-duty applications won’t even install in a virtual environment). You will have access to web cameras and microphones so that employees can connect with others using videoconferencing. Finally, the ability to install and run applications locally is also very important for productivity. You do not want to rely on the employee’s home Internet provider to be always available for your employee to be able to work.

All of these elements add up to an optimal experience for the teleworker and ultimately contribute to the employee’s happiness, motivation, productivity, and your bottom line.

Have you heard the phrase “PC on a stick”?  Or maybe one of these: “desktop virtualization”, “boot from USB”, “application bubbles”, “portable desktop”.  What do they mean?  These phrases encapsulate some exciting developments happening with portable storage.  The last phrase, “portable desktop”, describes it the best for me and it pretty well means what it says.  It’s the ability to carry your computing environment around with you without carrying the machine.

The idea is that you no longer need “your” laptop to be productive when you are away from the office.  You just need “a” machine as long as it has an accessible USB port for you to plug your device into.  Either by rebooting the machine or running within a virtual machine, or an abstracted operating system, you have access to your full corporate desktop and operating environment “running from the stick”.  To be clear the OS does not actually run within the stick but uses the CPU of the host machine.  The trick is that nothing gets (or should get) installed on the host and ideally, no trace of the portable desktop remains once the device is removed.  In effect the machine becomes a monitor, keyboard and mouse while your USB device becomes the “C” drive. 

The concept of portable computing has been around for some time.  There’s been remote computing where you need to connect to a server to access your desktop, and we’ve had portable applications which may give you some productivity but needs to run within a non-trusted OS.  The large memory capacities that are now available in flash drive form factors are making it feasible to carry full blown operating systems such as Windows on a stick.

I can imagine a utopian world of portable desktops where there are public machines sprinkled around airports and coffee shops like wireless access points.  People could use them with their own computing environments that they carry on flash drives - no need to carry a laptop anymore.  Perhaps this may never happen but in the corporate environment the scenario could be very real.  The IT department would manage desktops on USB sticks instead of managing the machines.  Not only that, but employees could also work from home using their own computers. 

With the right portable desktop implementation even that uncontrolled, malware infected machine that the kids use to play video games could be used and the IT department wouldn’t care.  It is easiest to understand how this is possible by looking at a “boot from USB” portable desktop as an example.  When you reboot the machine from USB you take full control since the hard disk of the host machine isn’t even used.  Provided the portable desktops are fully managed, the organization still has full control over the employee’s computing environment.

If you are seriously contemplating deploying portable desktops here is a list of essential security requirements to look for in a solution:

• The USB devices are fully managed
• No trace of information is left on the host.
• No data can leak from the portable desktop to the host machine.
• No malicious code residing on the host machine can access the portable desktop
• The desktop is fully encrypted (or at least the sensitive parts)
• Strong user authentication is required to access the encrypted desktop
• The desktop is not accessible unless it is actually running. 

That last point is worth an interesting final note.  It implies that you should not be able to see or manipulate the desktop data just by plugging the USB device into a machine (even after authenticating to the device).  Otherwise you would have an exposure to corporate data leaking from the desktop or malicious code infecting the desktop in an uncontrolled environment.  Think of it behaving like an internal hard disk of a PC when it is turned off.  This is contrary to a flash drive’s normal operation, which is to allow data to be transferred on and off.  It looks like a flash drive, but it’s not acting like one…