Engineers wearing PPE working at energy construction site

How an energy specialist protected their partner's IP with Kingston IronKey

Nov 2022
Blog Home

Protecting your intellectual property is fundamental in the energy industry

There are a few characteristics that make the energy sector especially vulnerable to cyber threats, making energy companies a rich target for cybercriminals. Utilities have an ever-increasing attack surface arising from their difficult-to-harden dispersed geographic and third-party supply chain relationships. The energy industry like most others, have seen an increasing number of cyber-attacks on its Intellectual property (IP) and business critical data that is held. These breaches can have a detrimental effect on organisations with negative press, reputational damage, financial implications, and loss of IPs to competitors. Combine this with regulations like GDPR and potential financial fines as a result of breaches. For all organisations, ensuring all endpoints are secure and can be audited is so important.

Challenge

A leading global specialist partner in the energy industry carried out an IT security assessment across their entire device portfolio. The current strategy allowed all employees to access company data and use any storage device they brought in and plug it into their network. The risk to the organisation based on the current endpoint device management strategy was very high and therefore require corrective action to mitigate further risk of malware or intellectual property being saved on personal storage devices, removed from the organisation, being lost and/or falling into the hands of a competitor which would be detrimental for the organisation. They also reviewed what type of data employees may need access to data via portable storage.

They decided that all office-based employees connected to the network could use SharePoint or similar cloud-based sharing tools to save and share data, which was approximately 60% of the work force. The remaining 40% of employees with field-based jobs would need to be able access the company data outside the Wi-Fi network when on site, on oil rigs for example. They would require easy to use encrypted portable device. They needed to ensure that the new solution they rolled out could be approved and managed by their own endpoint management software. The energy industry specialist partner was also looking to set policies so that unauthorised storage devices cannot be used within their network and will be rejected by their endpoint management based.

The mechanical machine sector of the energy industry is quite niche and extremely competitive, so they knew it was important to roll out this new end point management strategy as quickly as possible to mitigate the risk of losing any intellectual properties such a machine design patents.

Solution

IronKey VP50 standing vertically on a desk

To support the specialist energy industry partner with their request, we offered our free Ask an Expert service. During the initial call we were able to establish exactly what the organisation were trying to achieve with their new endpoint management project. After these meetings/calls, we were able to recommend a potential solution that would enable them to use their current active directory and deploy a user-friendly encrypted USB solution to their field services and engineering teams. It allowed them to have the perfect mix of business-grade security, scale, and cost.

Since one of their key requirements was the ability to provide approved encrypted USB drives to their employees, we achieved this by leveraging one of our customisation programme’s options to assign custom PIDs (Product ID) that is unique to their organisation. This custom PID allowed their organisation to approve this PID with standard end-point management software so that only the Kingston IronKey encrypted USB drives purchased for their organisation will function at the endpoints. It means they will have control over what drives could be used within their organisation and they had ability to audit all data files downloaded. It also means they will control who is using their end-point management software, protecting the organisation’s IP and sensitive data.

By deploying our IronKey Vault Privacy 50 encrypted USB drives the organisation was able to implement a cost-effective user-friendly business-grade security USB drive for sensitive data on the move with AES 256-bit hardware-based encryption in XTS mode.

To support further security, flexibility and offer peace of mind, the IronKey VP50 supports multi-password (Admin, User, and One-Time Recovery) option with Complex or Passphrase modes. This enhances the ability to recover access to the data if one of the passwords is forgotten. Traditional Complex mode allows for password from 6-16 characters using 3 out of 4-character sets. New passphrase mode allows for a numeric PIN, sentence, list of words or even lyrics from 10 to 64 characters long. Admin can enable a User and a One-Time Recovery password or reset the User password to restore data access. Brute Force attack protection locks out User or One-Time Recovery passwords upon 10 invalid passwords entered in a row and crypto-erases the drive if the admin password is entered incorrectly 10 times in a row.

This specialist energy industry deployed over 300 Kingston IronKey VP50 encrypted USB drives remotely via mail to their field-based employees in over 30 countries and achieved 100% usage compliance with very positive feedback on ease of use.

As a result, this energy specialist partner is ensuring that their endpoint management policy is more secure by blocking unauthorised USB Flash drives, helping to keep their intellectual property and sensitive date is safe on hardware-encrypted drives. This roll out has also ensured that their organisation is complying to regulatory standards.

#KingstonIsWithYou #KingstonIronKey

Ask an Expert

Ask an Expert

Planning the right solution requires an understanding of your project’s security goals. Let Kingston’s experts guide you.

Ask an Expert

Related Articles

Blog Home