Encrypted USB Drives

One of the most effective, cost-efficient cybersecurity solutions

The term “bad actor” once only referred to someone making a living in Tinsel Town. Now governments have used those words to describe rogue operators who carry out missions or perform actions with the intent to weaken or harm a country for the good of another. In no setting is the term more appropriate than in the realm of cybersecurity, where even the leastbad actor can do a world of hurt.

It is a given that in today’s computercentric, mobile lifestyle, everybody—and we do mean everybody—stores and transfers personal (i.e., financial/banking documents, health records, contact information of family members, vacation photos, and more) or work-related (i.e., company budgets, marketing plans, R&D documents, meeting minutes, personnel files, etc.) data. We all store and transfer data. Many of us use USB drives to do so.

With capacities ranging from 256MB to 2TB, their tremendous portability and exceptionally easy ability to be connected to various networks, USB drives have proven their value to literally millions of individuals, businesses, and government agencies. Most of these drives, however, are unencrypted, thus posing a major security risk. While they have revolutionized data storage and transport, their extreme portability has also introduced grave concerns.

They are very susceptible to being lost, breached, and misappropriated with the data on them then possibly shared with all of humanity. That leads to the possibility of critical, classified, sensitive data landing in the wrong hands, the hands of bad actors, if you will.

There is a very simple, cost-effective solution: an encrypted USB drive with strong password protection. Such drives are an essential pillar of a comprehensive data loss-prevention (DLP) strategy. If ever lost, stolen, or misplaced, the data cannot be accessed. Sure, the drive is gone, but the drive’s user will have the peace of mind knowing whatever information was on there remains safe and sound, locked away, untouchable.

Speaking of Trustworthy

Encryption is the most trustworthy means of protecting confidential or sensitive data. Encrypted USB drives combine the mobility advantages of using a USB while protecting the information on the drive. No mobile means is better at keeping confidential information confidential. Confidential information stays confidential.

Companies, such as Kingston Technology, have introduced a range of encrypted USB solutions. Encrypted USB drives are designed to protect the most sensitive data using the strictest security regulations and protocols and help transport data when it needs to move beyond an individual’s or company’s firewall securely and confidently.

Cost wise, encrypted USBs are not as expensive as you might think. In the encrypted vs. non-encrypted argument, consider the costs and consequences of a data breach, lost drive etc., against the low purchase price of a non-encrypted drive. The marginally higher investment in an encrypted drive is well worth it as it minimizes any threat and provides peace of mind. Data lost due to using non-encryption drives can also lead to legal issues (HIPPA, GDPR, etc.) and consequences. Paying a little more up-front for encrypted drives will cost exponentially less than risking a potential data breach and possible fines.

Now, that you have been sold, hopefully, on the importance of using encrypted USB drives as opposed to unencrypted drives for storing or transporting vital data, there is another important choice to make.

USB-drive encryption is performed either through the device’s hardware or software. Hardware-based encrypted USB drives are self-contained, don’t require a software element on the host computer, and are the most effective in combating everevolving cyber threats. Hardware-encrypted USB drives protect against the possibility of brute-force, sniffing, and memory hash attacks due to their security being self-contained inside the drive.

On the other hand, software-based encrypted drives share the computer’s resources with other programs and are only as safe as the computer they are plugged into. The encryption is not done on the USB drive at all. A software program runs on the computer to encrypt data and then store it on the USB drive. To read it back, a software program must again be run on the computer to decrypt the data. Because of this computer- based encryption process, the USB drives themselves are vulnerable.

The Best Defense

A hardware-centric/software-free encryption approach to data security is the best defense against data loss, as it eliminates the most commonly used attack routes. This same software-free method also provides comprehensive compatibility with most OS or embedded equipment possessing a USB port.

Top-of-the-line hardware-based encrypted USB drives, such as the Kingston IronKey, use Advanced Encryption Standard (AES) 256-bit encryption in the most secure XTS mode. Additionally, they are FIPS 140-2 Level 3 certified, meaning the U.S. Government has certified the drive for use by Federal government agencies for certain data classifications, with testing done by certified labs to verify the drive’s security. This certification supports the safeguard that anyone who finds such a drive is highly unlikely to access the information. Such drives generally require a complex password with three or four character sets and a minimum length to make it much harder to guess a password. There are even battery-powered keypad drives, which make it easy to unlock using a keypad code of eight to 15 digits.

Leading USB-drive manufacturers, such as Kingston, offer encrypted USB flash drive customization to create unique, indispensable drives, which is especially helpful to businesses and governmental agencies. Selected features available for customization purposes might include:

Device Serial Numbering: for asset tracking, external and internal serial record.

  • Custom Product Identification (PID): drive is uniquely identified by predetermined combination of vendor ID, product line USB PID, and device USB serial number.
  • Capacities: some USB drive manufacturers are capable of setting the capacity of the encrypted USB drive to any data restrictions a customer wants, for example: 1GB, 512GB, 96MB.
  • Dual Password Option: administrator sets the admin-level password for drive. If user-level password is lost, administrator can use admin password to unlock drive and reset user’s password.
  • Custom Logo/Marking Laser Etching: creates an unique look or presents vital information.
  • Custom Colors: different color casings helps class identification and fulfills other needs.
  • Profile Customization: creates a fully unique product. Specific security requirements can be addressed through custom profile changes, which allows companies to create a drive with personal settings and options.

Other Options

Another option available to businesses and government entities is giving system administrators control over drives deployed across the enterprise or agency’s reach. Available as a cloud-based or onpremises solution, it allows users to establish and secure a centralized workspace or storage command center, where they can easily deploy and manage devices.

Flexible role-based administration is an efficient and cost-effective way to protect data by administering usage and encryption policies, password restrictions, and more from a central console.

Drives in the field can be monitored with a powerful, flexible asset- tracking system, which ensures devices stay current with the latest software through a forced update feature.

Encrypted USB drives are powerful tools in closing security gaps and helping ensure security. And the need for that is something both Dad’s generation and today’s can agree on.

This article originally appeared in the July/August 2019 issue of Security Today.

Featured

  • DHS Releases Framework for Safe, Secure Deployment of AI in Critical Infrastructure

    The Department of Homeland Security (DHS) released a set of recommendations for the safe and secure development and deployment of Artificial Intelligence (AI) in critical infrastructure, the “Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure” Read Now

  • Making the Grade with Locks and Door Hardware

    Managing and maintaining locks and door hardware across a school district or university campus is a big responsibility. A building’s security needs to change over time as occupancy and use demands evolve, which can make it even more challenging. Knowing the basics of common door hardware, including locks, panic devices and door closers, can make a difference in daily operations and emergency situations. Read Now

  • Choosing the Right Solution

    Today, there is a strong shift from on-prem installations to cloud or hybrid-cloud deployments. As reported in the 2024 Genetec State of Physical Security report, 66% of end users said they will move to managing or storing more physical security in the cloud over the next two years. Read Now

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3