Why Hardware-Encrypted USB Drives Are the Best Option for Regulatory Compliance in 2022

Many governments and industries worldwide have mandated that various forms of personal data be protected by encryption while at rest or in transit. A few examples of commonly known regulations are HIPAA in health care, GDPR in the European Union, the California Consumer Privacy Act (CCPA), and Payment Card Industry Data Security Standard (PCI DSS). Non-compliance to a single regulation can lead to heavy-duty fines and loss of corporate reputation, loss of business, and legal implications.

Many individuals in charge of companies' IT departments or security issues deal with strained budgets. As a result, they are moving to software encryption, which can offer the exact same encryption capabilities – such as AES-256 XTS – as do more expensive hardware-encrypted USB drives, for compliance purposes, unaware of the dark side of software encryption: it is not compliant with regulations.

The issue is that users can easily remove the software-encryption feature from their USB drives. The primary reason they do so is for access to the files without use of a password, or they forgot the password but needed to use the drive. In the 15 seconds, it takes to do that, all stored encrypted files are removed, and the drive is ready for users to copy new files to the drive for easy – albeit unencrypted – access. Hence, software encryption is considered removable encryption.

How do hardware-encrypted USB drives meet an organization's needs for regulatory compliance? Read on.

1. Hardware encrypted USB drives have encryption that is always ON

There is no way for users to turn off encryption, reset the password rules (minimum length, complexity, etc.), and disable the automatic password retries.

Unlike software encryption, which does not prevent repeated password guessing through software dictionary attacks, hardware-encryption limits password retries to 10 times or fewer – and wipes out the data when the wrong passwords are entered ten times in a row. This is very secure in the age of supercomputers.

2. Hardware-encrypted drives use premium encryption controllers and incorporate many security features

While manufacturers, such as Kingston, don't always disclose all security countermeasures, there is a countermeasure to protect against BadUSB that we can discuss. At the factory, when the firmware is loaded on hardware-encrypted drives only, the firmware is digitally signed and loaded. This means that when these encrypted USBs are plugged in, the encryption controller first checks the integrity of the firmware through the digital signature and only loads it if it passes. Any attempt to replace the firmware will brick the drive, becoming non-functional.

3. Hardware encrypted USB drives can have custom Product IDs (PIDs) set up for a specific company

These premium drives can have a digital identifier programmed into them so that if a drive is plugged into the company's inner or outer firewall, the drive can be identified as a company-issued drive. For example, if an employee loses the company drive and buys the same model at retail, the newly purchased drive will not validate on the company network. This customization adds another layer of security to the use of USB drives.

4. Hardware-encrypted drives save money very quickly

The reduction and elimination of risks make the payback cycle very short. Plus, the peace of mind of knowing you are compliant and safe from the cost of being hacked, as well as the cost leveled at you for not being compliant, is worth something.

Hardware-Based Encryption...

  • Uses a dedicated processor, physically located on the encrypted drive
  • Processor contains a random number generators to generate an encryption key, which is unlocked by the user's password
  • Offers increased performance by off-loading encryption from the host system
  • Includes safeguard keys and critical security parameters within crypto-hardware
  • Authentication takes place on the hardware
  • It does not require any type of driver installation or software installation on the host PC
  • Protects against the most common attacks, such as cold-boot attacks, malicious code, brute force attacks

About the Author

Richard Kanadjian is the business manager of Kingston Technology’s Encrypted USB unit.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • ISC West 2024 is a Rousing Success

    The 2024 ISC West security tradeshow marked a pivotal moment in the industry, showcasing cutting-edge technology and innovative solutions to address evolving security challenges. Exhibitors left the event with a profound sense of satisfaction, as they witnessed a high level of engagement from attendees and forged valuable connections with potential clients and partners. Read Now

    • Industry Events
    • ISC West
  • Live From ISC West: Day 2

    What a great show ISC West 2024 has been so far. The second day on Thursday was as busy or even more hectic than the first. Remember to keep tabs on our Live From ISC West page for news and updates from the show floor at the Sands Expo, because there’s more news coming out than anyone could be expected to keep track of. Read Now

    • Industry Events
    • ISC West
  • A Unique Perspective on ISC West 2024

    Navigating a tradeshow post-knee surgery can be quite the endeavor, but utilizing an electric scooter adds an interesting twist to the experience. While it may initially feel like a limitation, it actually provides a unique perspective on traversing through the bustling crowds and expansive exhibition halls. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3