Why Hardware-Encrypted USB Drives Are the Best Option for Regulatory Compliance in 2022

  • By Richard Kanadjian
  • Feb 07, 2022

Many governments and industries worldwide have mandated that various forms of personal data be protected by encryption while at rest or in transit. A few examples of commonly known regulations are HIPAA in health care, GDPR in the European Union, the California Consumer Privacy Act (CCPA), and Payment Card Industry Data Security Standard (PCI DSS). Non-compliance to a single regulation can lead to heavy-duty fines and loss of corporate reputation, loss of business, and legal implications.

Many individuals in charge of companies' IT departments or security issues deal with strained budgets. As a result, they are moving to software encryption, which can offer the exact same encryption capabilities – such as AES-256 XTS – as do more expensive hardware-encrypted USB drives, for compliance purposes, unaware of the dark side of software encryption: it is not compliant with regulations.

The issue is that users can easily remove the software-encryption feature from their USB drives. The primary reason they do so is for access to the files without use of a password, or they forgot the password but needed to use the drive. In the 15 seconds, it takes to do that, all stored encrypted files are removed, and the drive is ready for users to copy new files to the drive for easy – albeit unencrypted – access. Hence, software encryption is considered removable encryption.

How do hardware-encrypted USB drives meet an organization's needs for regulatory compliance? Read on.

1. Hardware encrypted USB drives have encryption that is always ON

There is no way for users to turn off encryption, reset the password rules (minimum length, complexity, etc.), and disable the automatic password retries.

Unlike software encryption, which does not prevent repeated password guessing through software dictionary attacks, hardware-encryption limits password retries to 10 times or fewer – and wipes out the data when the wrong passwords are entered ten times in a row. This is very secure in the age of supercomputers.

2. Hardware-encrypted drives use premium encryption controllers and incorporate many security features

While manufacturers, such as Kingston, don't always disclose all security countermeasures, there is a countermeasure to protect against BadUSB that we can discuss. At the factory, when the firmware is loaded on hardware-encrypted drives only, the firmware is digitally signed and loaded. This means that when these encrypted USBs are plugged in, the encryption controller first checks the integrity of the firmware through the digital signature and only loads it if it passes. Any attempt to replace the firmware will brick the drive, becoming non-functional.

3. Hardware encrypted USB drives can have custom Product IDs (PIDs) set up for a specific company

These premium drives can have a digital identifier programmed into them so that if a drive is plugged into the company's inner or outer firewall, the drive can be identified as a company-issued drive. For example, if an employee loses the company drive and buys the same model at retail, the newly purchased drive will not validate on the company network. This customization adds another layer of security to the use of USB drives.

4. Hardware-encrypted drives save money very quickly

The reduction and elimination of risks make the payback cycle very short. Plus, the peace of mind of knowing you are compliant and safe from the cost of being hacked, as well as the cost leveled at you for not being compliant, is worth something.

Hardware-Based Encryption...

  • Uses a dedicated processor, physically located on the encrypted drive
  • Processor contains a random number generators to generate an encryption key, which is unlocked by the user's password
  • Offers increased performance by off-loading encryption from the host system
  • Includes safeguard keys and critical security parameters within crypto-hardware
  • Authentication takes place on the hardware
  • It does not require any type of driver installation or software installation on the host PC
  • Protects against the most common attacks, such as cold-boot attacks, malicious code, brute force attacks

About the Author

Richard Kanadjian is the business manager of Kingston Technology’s Encrypted USB unit.

Featured

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

  • Improve Incident Response With Intelligent Cloud Video Surveillance

    Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

  • Empowering and Securing a Mobile Workforce

    What happens when technology lets you work anywhere – but exposes you to security threats everywhere? This is the reality of modern work. No longer tethered to desks, work happens everywhere – in the office, from home, on the road, and in countless locations in between. Read Now

Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.