This is the second part of a two-part interview with Javier Arrospide, CEO of Advanced Systems International and lead author of USB Lock RP, a piece of software designed to protect information contained in organizations network personal computers (PCs). You can view the first part of the interview here.
USB Lock RP allows companies to grant specific permissions to specific USB devices. IT personnel can then monitor whichever users activate these devices—and for how long—from a custom control center employable via the software. USB Lock RP also protects against unauthorized use on other interfaces, including MTP, e-Sata , Firewire, DVD, Bluetooth, IrDA and WiFi.
A demo of the USB Lock RP Network endpoint security technology can be found on the company’s website here.
Before entering the field of information security, Arrospide worked in the oil industry. This experience helped him cultivate a mindset in which the organization always comes first. As a result, with the advent of “plug-and-play” (PNP) in the late ‘90s, Arrospide became seriously concerned about the threat of employees stealing company information using new PNP hardware. This led him to pursue software development and to create the first iteration of USB Lock software.
Arrospide notes that, going forward, businesses need to create new mechanisms that help control how employees interact with company information. He feels that two recent developments justify this view: PRISM and Heartbleed.
A massive data-mining effort led by the U.S. National Security Agency (NSA), PRISM enabled members of the American intelligence community to monitor exchanges conducted not only over Facebook and Google, but also within private businesses if certain keywords were used in company messages. Programs like PRISM threaten to compromise the data, solutions, and inventions of private businesses.
Meanwhile, it is said that the NSA knew about the Heartbleed bug for at least two years but left it unpatched in order to exploit intelligence-gathering opportunities. Obviously passwords are important, but as Heartbleed has shown, they can be broken and de-engineered.
In Arrospide’s mind, both PRISM and Heartbleed will likely lead companies to institute blanket policies prohibiting the use of personal email, DropBox, cloud services, and social media in the workplace. Arrospide hopes to help companies better protect themselves from within, noting that USB Lock RP has the added bonus that it is disconnected from the Internet and, as a result, gives businesses a heightened degree of control over their information.
Towards this end, Arrospide has some exciting new USB Lock modules he hopes to implement in the near future. One will offer users functions similar to DropBox. Another will be able to authorize certain social media platforms. This particular feature will go beyond firewalls by operating through content delivery networks (CDNs). Arrospide envisions that this will add a second layer of protection by taking different IP address located around the world into account.
For more information about Javier Arrospide and USB Lock RP, please visit their website here
David Bisson | @DMBisson
Bio: David is currently a senior at Bard College, where he is studying Political Studies and writing his senior thesis on cyberwar and cross-domain escalation. He also works at the Hannah Arendt Center for Politics and Humanities at Bard College as an Outreach intern. Post-graduation, David would like to leverage his extensive journalism experience as well as his interest in computer coding and social media to pursue a career in cyber security, both its practice and policy
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.