Tracking what happened

For many companies, proving that a drive was encrypted or wiped is just as important as actually doing so in a timely manner. Regulatory compliance may depend on it. KRMC Cloud meets this documentation need in two ways: an Audit Log and Historical Reporting.

The Audit Log is a simple time-ordered KRMC event list that can be filtered on record attributes – for example, to retrieve all "device registered" events or all events with a given device name. Each record includes a few pertinent details, like the PC name and private/public IP address where a drive was last unlocked. Action events indicate time, type, and target, but we would like to also save the actual action parameters (e.g., to prove what a re-provisioned drive's policy was). We would also like to see audit trial records added for significant events by users, such as when a drive is wiped due to repeated login failure.


According to Kanguru, Audit Log records remain accessible to KRMC Cloud customers indefinitely. But nothing lasts forever, so our advice is to periodically export your account's Audit Log records to XLS files for local archival. Exported records might also be used to generate home-grown reports or fed into external systems (e.g., inventory databases).

KRMC Cloud also provides a modest set of graphical reports – basic bar and pie charts that deliver high-level statistics for a given date range. Examples include # of drives registered per month, # of actions or logins per drive, total # of actions or events by type, and # of drives that have not "phoned home" lately (a complete list appears under "Resources" in Figure 3). Hovering over any point displays X/Y values, but you can't drill down to obtain further detail or generate reports for a specific drive, user, or group. These attractive-but-superficial reports would be a lot more useful with just a bit of filtering or drill-down. Export to PDF would also be handy.



Bottom line

KRMC Cloud Edition is a new offering, launched this spring. Thus we were not surprised to find a couple of bugs. An extra unlicensed drive entry mysteriously appeared in our KRMC Cloud My Devices list; Kanguru is investigating. Our registered devices report always depicted just one drive, long after we'd activated a second drive. These problems were minor, limited to GUI presentation, not secure drive use or remote policy enforcement.

Throughout this review, we note "wish list" items – places where KRMC Cloud Edition takes a solid stab at meeting SMB needs, but could be enhanced in a future release. In short, KRMC Cloud is an entry-priced public cloud service, designed for small businesses that need to get the basics working quickly and worry about frills at a later time.

That said, it is essential for any business considering a service like this to understand both benefits and limitations. Fortunately, cloud delivery is ideal for "try before you buy." Anyone getting started with thumb drive security can try KRMC Cloud at little expense, conducting a small pilot to learn the ins and outs of centrally-managed encryption, lock/wipe, and auditing. Larger businesses considering on-premise deployment can test drive Cloud Edition to assess the value of hosting KRMC and add-ons like port control and also to test KRMC and KDE for compliance with their own security requirements.

SMBs that are very security-sensitive may not be comfortable with a public cloud service, or without the ability to centrally-initialize drives or control USB ports. KRMC Cloud Edition can be used with a large number of KDE drives, but larger workforces may require more drive/OS diversity and management scalability. But in our view, many smaller businesses worried about thumb drive security can quickly and painlessly address those concerns by investing in KDE drives and KRMC Cloud Edition.

Bio: Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. Since 1997, Lisa has been involved in mobile workforce policy development and best practices, ranging from wireless/VPN security to portable data defenses.