Why Hardware-Encrypted USB Drives Are the Best Option for Regulatory Compliance in 2022

  • By Richard Kanadjian
  • Feb 07, 2022

Many governments and industries worldwide have mandated that various forms of personal data be protected by encryption while at rest or in transit. A few examples of commonly known regulations are HIPAA in health care, GDPR in the European Union, the California Consumer Privacy Act (CCPA), and Payment Card Industry Data Security Standard (PCI DSS). Non-compliance to a single regulation can lead to heavy-duty fines and loss of corporate reputation, loss of business, and legal implications.

Many individuals in charge of companies' IT departments or security issues deal with strained budgets. As a result, they are moving to software encryption, which can offer the exact same encryption capabilities – such as AES-256 XTS – as do more expensive hardware-encrypted USB drives, for compliance purposes, unaware of the dark side of software encryption: it is not compliant with regulations.

The issue is that users can easily remove the software-encryption feature from their USB drives. The primary reason they do so is for access to the files without use of a password, or they forgot the password but needed to use the drive. In the 15 seconds, it takes to do that, all stored encrypted files are removed, and the drive is ready for users to copy new files to the drive for easy – albeit unencrypted – access. Hence, software encryption is considered removable encryption.

How do hardware-encrypted USB drives meet an organization's needs for regulatory compliance? Read on.

1. Hardware encrypted USB drives have encryption that is always ON

There is no way for users to turn off encryption, reset the password rules (minimum length, complexity, etc.), and disable the automatic password retries.

Unlike software encryption, which does not prevent repeated password guessing through software dictionary attacks, hardware-encryption limits password retries to 10 times or fewer – and wipes out the data when the wrong passwords are entered ten times in a row. This is very secure in the age of supercomputers.

2. Hardware-encrypted drives use premium encryption controllers and incorporate many security features

While manufacturers, such as Kingston, don't always disclose all security countermeasures, there is a countermeasure to protect against BadUSB that we can discuss. At the factory, when the firmware is loaded on hardware-encrypted drives only, the firmware is digitally signed and loaded. This means that when these encrypted USBs are plugged in, the encryption controller first checks the integrity of the firmware through the digital signature and only loads it if it passes. Any attempt to replace the firmware will brick the drive, becoming non-functional.

3. Hardware encrypted USB drives can have custom Product IDs (PIDs) set up for a specific company

These premium drives can have a digital identifier programmed into them so that if a drive is plugged into the company's inner or outer firewall, the drive can be identified as a company-issued drive. For example, if an employee loses the company drive and buys the same model at retail, the newly purchased drive will not validate on the company network. This customization adds another layer of security to the use of USB drives.

4. Hardware-encrypted drives save money very quickly

The reduction and elimination of risks make the payback cycle very short. Plus, the peace of mind of knowing you are compliant and safe from the cost of being hacked, as well as the cost leveled at you for not being compliant, is worth something.

Hardware-Based Encryption...

  • Uses a dedicated processor, physically located on the encrypted drive
  • Processor contains a random number generators to generate an encryption key, which is unlocked by the user's password
  • Offers increased performance by off-loading encryption from the host system
  • Includes safeguard keys and critical security parameters within crypto-hardware
  • Authentication takes place on the hardware
  • It does not require any type of driver installation or software installation on the host PC
  • Protects against the most common attacks, such as cold-boot attacks, malicious code, brute force attacks

About the Author

Richard Kanadjian is the business manager of Kingston Technology’s Encrypted USB unit.

Featured

  • ESX 2025 Announces Expanded Schedule of Events

    ESX has announced its dynamic 2025 schedule, set to provide an unparalleled experience for professionals in the electronic security and life safety industry. Taking place June 16-19 at the Cobb Galleria Centre, this year’s event features an expanded lineup of educational sessions, hands-on workshops, inspiring main stage speakers, networking opportunities, and an engaging expo floor showcasing the latest technology. Read Now

  • City of New Orleans Launches NOLA Ready Public Safety App Before Super Bowl

    The City of New Orleans Office of Homeland Security and Emergency Preparedness (NOHSEP) is pleased to announce the official launch of the NOLA Ready Public Safety App, powered by Motorola Solutions. This new mobile application is designed to enhance public safety and emergency preparedness for both residents and visitors. All individuals planning to attend major events in New Orleans, including the Super Bowl, Mardi Gras, and other large gatherings, are encouraged to download the app. Read Now

  • 5 Tips to Improve Your Password Security

    Change Your Password Day is right around the corner. Observed every year on February 1, the day aims to raise awareness about cybersecurity and underscores the importance of keeping passwords strong and up to date. Read Now

  • Enhancing Port Security

    DP World Yarimca, one of the largest container terminals of the Gulf of İzmit and Turkey, is a strong proponent of using industry-leading technology to deliver unrivaled value to its customers and partners. As the port is growing, DP World Yarimca needs to continue to provide uninterrupted operations and a high level of security.To address these challenges, DP World Yarimca has embraced innovative technological products, including FLIR's comprehensive portfolio of security monitoring solutions. Read Now

Most   Popular

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.