IronKey Workspace W700 FIPS Review: Windows To Go on one tough, secure little key drive

The first remotely manageable, FIPS 140-2 level 3 validated USB stick that can run Windows To Go. Pricey, but nicely done.

Imation Ironkey Workspace W700

Imation Ironkey Workspace W700

Looking to free yourself or your employees from the painful logistics of traveling with a laptop? Liked the looks of Windows to Go, but wanted the peace of mind that hardware security brings? You need to check out the Imation IronKey W700 Workspace--a hardware-encrypted, FIPS 140-2 level-3 validated, USB 3.0 Windows to Go thumb drive that can be managed remotely. It's the first of its breed and as secure a compute-on-any-PC solution as you'll find. It's also expensive.

If you're not familiar with Windows To Go, it's a feature of Windows 8.x Enterprise that allows the operating system to run off of a USB flash drive. This allows you to use your personal Windows work environment on just about any computer, including Macs, Linux PCs, and computers that belong to other people. As long as you know there's a computer you can use at your destination, you can travel with only what's in your pocket. Sweet.

The brushed metal IronKey W700 Workspace has a nice, solid feel in the hand and the pocket. Indeed, its slightly weighty presence makes it less likely that you'll inadvertently run it through the wash. Should you do so, the consequences are negligible: The drive is waterproof, in addition to being hardened against physical attack. The drive runs a tad warm, but that's the norm with secure flash drives sporting extra encryption hardware.

The W700 Workspace comes in three capacities: a $249/32GB version that I tested, as well as 64GB and 128GB flavors that cost $369 and $599, respectively--sans Windows, which you need to provide on your own. That's pricey, but remember you're dealing with a level-3 validated drive that's remotely manageable. It also helps to remember that it's no more expensive than a new laptop and has fewer associated costs.

While eminently secure, Windows on the W700 takes longer to get up and running than a normal Windows To Go drive, because it requires two boots: one to unlock the operating system partition, and the second to boot into Windows.

There is, however, a 500MB partition that is always visible under Windows Explorer which provides a bit of single-boot storage, contains a utility to unlock the W700's operating system partition for the next boot, and also provides a utility that will change the BIOS so that it selects the W700 as the next boot media. Alas, the latter utility didn't work with my Gigabyte GA-Z77n-WiFi's BIOS. If that proves the case with your PC, you can always invoke the BIOS or a boot menu by pressing function keys immediately after turning on your computer (typically Del, F2, F8, F11, etc.).

Provisioning--installing Windows onto the larger portion of the drive--requires IronKey's freely downloadable Admin Unlocker utility, or licensing the company's Workspace provisioning tool. which will install the operating system on up to 14 drives simultaneously. I used the Admin unlocker, which simply renders the Windows portion of the drive visible so you may install the OS. Note there's no "lock" function within the utility--the OS partition will re-lock itself the minute you remove the drive from the USB port.

IT departments rolling out fleets of W700's will appreciate its remote manageability. Using the online IronKey Remote management system ($24 per drive, per annum) you can kill the password, wipe the contents, deactivate the drive, change user and admin policies, and log its geographical location (via IP address, not GPS). Obviously, this all relies on the drive's ability to contact the server.

Curiously, though other IronKey drives may be set to perform one of the above actions if there's no contact with the server after a set period of time, that isn't the case with the Workspace series. In the case of theft, a strong password and the FIPS-compliant hardware are your defense. Imation told me if there's demand, they'll expose this feature.

Also available from IronKey are the slightly less expensive, "only"-level-2 validated W500, and the IronKey W300, which lacks hardware encryption altogether but is a significantly cheaper option if you're content to run Windows using only BitLocker, or no security at all. There are ways to run plain Windows 8 and even Windows 7 from a basic USB stick, thought: See my review of Aomei's Partition Assistant.

There's no more secure, or more easily managed solution for running Windows To Go than Imation's IronKey W700 Workspace. It's a unique product at the moment, and it's hard to conceive of any improvement upon it.

Join the CSO newsletter!

Error: Please check your email address.

Tags storagesecurityUSBencryptionimation

More about GigabyteLinuxMacs

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jon L. Jacobi

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place