Biometric Thumb Drives?

osopolar asks: "I work as a security analyst for a 10 billion dollar bank and we are currently looking for biometric thumb drives as emergency backup/recovery solutions for our local branches. We do not have IT people at every branch so the backup must be done by a branch manager, so the device needs to be easy to use. How would you backup information securely? What thumb drives do you recommend?"

er...

[fiddlesticks]

You work for a '10 billions dollar' business that can't afford enough IT staff in its branches and gets hardware recommendations from 'ask slashdot'?

Re:missing laptop

[the+eric+conspiracy]

That's why you uxe multifactor security.

Thumb down the thumb drive

[maggard]

Backup? A 10 Million, er, I mean, BILLION, dollar company?

Yeah, thumb drives, there's an idea.

No, wait, gotta sex it up....

Thumb Drives with Biometrics!

Riiiggghhhttt......

Honey, yer wastin' yours & everyone ele's time with this DOA idea.

Encryption? At the source. Not some lame-ass "biometric" solution grafted onto a thumb drive, if some crazy Pacific Rim factory has pumped out such an inane idea yet . Then who gives a rats ass, your 1 GB, or 2 GB, or whatever, is properly encrypted. But if that's your local branch's disaster recovery strategy well, I'm scared.

For the sake of all of our investments please post your employer, so we can all move our funds to some other 10 billion dollar business that has legitmate disaster recovery strategies.

Hey Cliff, was there REALLY nothing better in the "Ask Slashdot" queue?!

Other Suggestion

[Vandilizer]

Fist off asking slashdot is a fantasist idea you might get an off the wall idea as it to follow or just some good general advice. Being vague might just be a problem with and NDA. Paying some one or going only with in your own department you are only going to get what is familiar, which is not the best answer.

Now as for the biometric key drives in personally research they do not provide enough protection to secure such data.

What I would suggest is just a portable USB hard drive. With all the data encrypted using a key generated from the unique serial numbers on the computer and an additional random generated number stored on a key such as this one (http://www.marx.com/en/products.php) or just any public key, each branch could also have one key with the privet key to decrypt the data in case they need to recover it locked in a vault preferably requiring at lest 2 different people to access this key since (if you are in a bank as you say this should not be that hard to arrange) they would never need this key unless they were doing a recovery and you could also key one at a central site incase of an unforeseen events or not, but I suspect if they ever loses theirs you would just replace the entire set (though you would have a much bigger problem on your hands I would think).

Seeing as there small key has 4kb of storage using a large key with AES (probably SHA-512 or again what ever tickles you) would keep your data pretty safe or at lest the government would think so.

The only other thing I would recommend in keeping 2 backups in 2 completely different locations, people do walk off with stuff, or more politely they misplace things.

Hope this helps or gives you some ideas, I am just babbling a little from things I have done. Post if you have a question or want to strike up a conversation.

Injoy

Bad Idea

[miyako]

I have to agree with some of the other posters, this biometric thumb drive idea just smells horribly of a poorly thought out plan that is destined to fail catastrophically when your company either makes it into a money sink that never works out properly, or a poor implementation leads to sensitive data being stolen.
There are a number of reasons that it just seems like a strange a bad idea to me, but here are some of the most obvious things that pop into my head:
Firstly, thumb drives seem to be just now getting up into the 2GB range. I'm sure you could find larger ones if you looked, but the largest drive I was able to find with a google search for "thumb drive biometric authentication" was 2GB - and that devices wasn't exactly secure, since the biometric authentication could be overridden by a password. Now, the thing about it is, what sort of data do you have only 2GB of that is so vital as to require it's own backup system? Furthermore, what data do you have that is so vital that it requires it's own special backup system with biometric authentication, and is not vital enough that you aren't already hosting it on some machine with a RAID and nightly backups to tape. Most data that people need to back up now days tends to be stored in a database, which are going to log the hell out of everything, plus have multiple backups- onsite and off site. The idea of some 10 billion dollar banking institution having all of their local branches running their systems on a local access database, and a bank manager backing up the database file to a thumb drive every night would be frightening if it wasn't so absurd.
The second big thing that jumps out at me is the fact that biometrics really aren't all that secure. Many finger/thumb print recognition systems can be defeated with a gummibear; and I've never seen any sort of thumb drive with a built in retinal scanner.

Data kept at branches?

[binaryspiral]

Why is your bank even keeping data at its branches?

Get your $10,000,000,000 company to establish multiple redundant secure datacenters that the branches connect to using point to point connections along with strong encryption. No Internet connectivity... just centralized data storage in multiple places. I wouldn't even dream of allowing a branch manager access to infrastructure or data storage, six letters popped into my head... OMFG NO!

When a tornado comes along and wipes a branch office off the map - wtf is a thumbdrive going to be useful when the manager's thumb is nowhere to be found?

Your company rolls in a trailer with teller machines and Satellite feeds for data connections to the data center - and your customers' information is still safe in the central location and accessible the next day, even while they're still trying to ID the manager's corpse.

I just looked at a bank server

[zogger]

Not too long ago. It was a used one from a small local bank in my rural area, they had upgraded and this guy had it in a shop for some mods to be done for the new owner (I tried to buy it but the new owner thought it was too cool, wanted to keep it for a home mega server or something). It had 12 scsi drives and 4 processors, IIRC PPs, but I might be wrong on that, forget now..anyway, a nifty looking mega tower. I wanted it for..well because it was dang cool, that's why! Figured I'd slap a good vid and sound card in there until the power bill came in, then do something more practical with it..anyway, I didn't get it.

    Now, I have no idea what used to be on it (even if they wiped it securely, which I doubt)(hmmm), but I can't *imagine* reproducing even that on a small thumb drive, let alone what new stuff has to do nowadays. So, I don't think that is the exact question, and for that matter, this theoretical secure thumbdrive needs to be inserted into a working computer to be of much use, so there ya go on that. I think it's only to store some login and administrative tools, which are probably done remotely now.

  Therefore, is the submitter just asking for getting the whole bank computer system to just turn itself on? Is that the real question? Something to eliminate the remote admin access and to make the local branches independent and still able to function in the event of a near catstrophic emergency? That is my guess,there is a lot of contingency planning going on now around the nation, that this is homeland security worst case scenario bird flu or terrorist attack or economic meltdown or whatever related.