Shared PCs

The Challenge with Sharing PCs

Sharing PCs between employees makes a lot of economic sense, especially in health care, public service and law enforcement, where ruggedized laptops can be priced in the thousands of dollars. One workstation shared by different employees and different work shifts. Sounds great and saves money. One big problem – they use different email accounts, different data files and based on roles, different programs. All of the sudden, sharing PCs and workstations comes with a lot of trade-offs. Another major issue arises when the employee takes the laptop or PC home for use in telecommuting or other work related functions. The platform is now in an unsecured location and the inadvertent access by a friend or family member may inject malware or create another compromise.

How do you enforce strong separation of personal and company information from one sharing employee to another, prevent company data from leaking from one employee’s allowed roles and access privileges to another, and ensure that terminated employees do not pass confidential information on to their new employers?

How SPYRUS Helps

SPYRUS Windows To Go live drives provide a powerful enforceable solution for the challenges involved with supporting multiple users on a common pool of corporate owned computing platforms. They achieve this by providing both a strong hardware-enforced cryptographic separation and a physical separation between individual computing environments that makes data leakage or attacks all but impossible between the two or more shared user configurations, even when sharing the same host platform. A full disk encrypted partition containing an approved user’s image of the corporate operating system, user privileges, and their specific data storage and application functionality resides on each physical WTG device assigned to a user, replacing resources resident on the host platform. The SPYRUS WTG device now functions as a specific user-assigned secure managed endpoint extension of the corporation’s IT infrastructure. With cryptographic separation of the devices, no electronic history or footprint is left behind when physically unplugged from the shared host platform, which for further isolation, may be a diskless system without the WTG device.

The full spectrum of features provided by the SPYRUS family of Windows To Go devices assure a secure, managed endpoint in a compact, highly cost effective USB 3.0 device, that is an extension of the corporations IT infrastructure. The use of the SPYRUS Windows To Go products can also provide new life to the corporation’s inventory of outdated computing platforms, allowing them to be used as the “second” or home computer by telecommuting employees. Documented business cases have shown that an IT organization can save up to 75% in per-employee IT costs by issuing a hardware-encrypting drive such as the SPYRUS Worksafe Pro™ with repurposed older PCs and Macs and eliminate the need to purchasing new laptops.   And additional benefit results when the IT costs are reduced by providing the SPYRUS Windows to Go solution as a common computing platform regardless of the brand, OS, form factor of the laptop or desktop it is plugged into.

Some notable features are as follows:

Security for Data at Rest

SPYRUS WorkSafe™ Pro and Secure Portable Workplace™ use an advanced XTS-AES 256 mode of encryption, totally transparent to the user while operating at SSD category speeds. It is the IEEE standard for full disk encryption and much stronger than using software based full disk encryption. For added protection without reducing performance, SPYRUS provides its Defense-in-Depth two-layer encryption protection by enabling optional   BitLocker software encryption, with the BitLocker passwords securely protected in the hardware encrypted memory partition. (SPYRUS Windows To Go Live Drives)

Mitigate Data Leakage and Malware Propagation

For teleworkers performing their duties by accessing cloud based applications or via remote portals, the SWTG devices provisioned for Read-Only provide strong cryptographic security for VDI and thin-client applications by eliminating persistent data changes to the data stored on the drives and also mitigate the persistent threats of exfiltration and malware propagation. (SPYRUS Windows To Go Live Drives)

Device and Data Management

All SWTG products are complemented by the SPYRUS Enterprise Management System (SEMS) which is almost a necessity in a shared PC environment. Worker and endpoint device mobility for connection to shared computers has brought an increase in productivity along with inherent risks associated with carrying confidential and proprietary enterprise data and intellectual property on a portable USB device that can easily fit in a briefcase, handbag or even in the palm of a hand. With such portable endpoints, it’s no surprise that these devices can be temporarily misplaced or lost. The strong encryption and password protection in all SPYRUS USB drives mitigates the threat from even professional and nation-supported sophisticated attacks on the data within the drives as well as even loyal employees who sometimes forget about security and carelessly leave their devices or device passwords exposed and unattended. Policies do not protect against a rogue employee storing large amounts of valuable data on a device and walking out the door with it and the organization’s information.

The SPYRUS Enterprise Management System, SEMS, is the SPYRUS device management system that remotely controls user access to, and the operational states of, enterprise-deployed USB devices in order to mitigate threats of misuse and data loss by malicious or improper user operations. Administrators using SEMS can remotely disable and re-enable a device, or remotely destroy keys and data to “kill” the operability of the device, issuing the appropriate command based on whether a device is misused, lost, or stolen. Regardless of where devices are located, devices can be managed and audit facilities will capture related user actions which can then be monitored centrally to observe profiles of use and trigger notifications for unusual activities.

Equally important for deployment is the ability to change policies for use of the device, often by groups or even by individuals. Rather than requiring the return of devices to organizational administrators for user registration, or modifying usage policies, e.g., off-line usage limits, or recovering forgotten passwords, SEMS supplies the facilities to execute such controls from a central location(s) to control devices globally. The SEMS hierarchical architecture facilitates national and organizational device policy definition, user audit and device control procedures such that help desk administrative consoles can be deployed based on respective enterprise needs. The device usage and protection polices most appropriate for each enterprise entity’s criteria can be customized and enforced. (SPYRUS Enterprise Management System – SEMS)

We already work with:

Speak to an Expert

If you would like to speak with a SPYRUS expert regarding our products and services, please click on the button below to get all of our contact information. We look forward to assisting you and answering all of your questions.