IronClad’s “PC on a stick” could be a benefit or a threat

Defense contracting giant Lockheed Martin announced the general availability of its IronCladTM secure USB drive as a fully self-contained PC, containing operating system, applications, and data all within a flash drive form factor that presents the ultimate in portability. This is the latest innovative use of the Ironkey secure USB device, which to date has been positioned in the market largely as a highly secure portable storage device. The IronClad “PC on a stick” is designed to let a mobile user plug in to any client computer platform to leverage the I/O and connectivity of the host while bypassing the host’s hard drive. Lockheed suggests that this optimizes mobile connectivity by turning any borrowed PC, workstation, or computer kiosk into a secure personal computing platform. Because no access to the host hard drive is needed, the company also claims that no evidence of IronClad’s use will be left behind.

To be clear, Lockheed does specify the minimum requirements necessary for IronClad to use a host computer, notably including a BIOS that supports booting from USB, and presumably organizations that have implemented USB device blocking or port restrictions will not be at risk for IronClad users gaining unauthorized access. However, to the extent that USB drives already present a security risk as an mechanism for data theft, it seems that be able to carry a fully functioning PC on a flash drive (instead of just storage capacity) raises the bar substantially in terms of potentially needing to guard against the use of these devices. IronClad appears targeted to enterprise users as an alternative to some routine laptop uses, including remote device management and security administration functions including remote destruction of flash drive contents. There is no reason to assume that an IronClad user would be any more able to gain unauthorized access to a network using USB device than someone with a laptop — access to a connected host computer is still required, so the only practical difference with IronClad is you appropriate a USB port instead of borrowing a network cable. It is less readily apparent however if an individual user of the device might be able to configure it to help gain access to “guest” network environments. The product marketing information most directly emphasizes using IronClad in a way that turns a public or shared computer into a secure virtual desktop, but the company’s emphasis on “leaving no trace” should sound attractive to attackers who value stealthiness. Presumably the device’s built-in remote management features and ability to use physical network connectivity of its hosts would also result in the sort of data stream that an IDS, event log monitor, or SEIM tool would be able to identify. In this context the potential attempted unauthorized use of an IronClad device is no different as a security event than any conventional use of third-party client computers, and should be monitored and guarded against in the same way.