Encrypted USB Drives

One of the most effective, cost-efficient cybersecurity solutions

The term “bad actor” once only referred to someone making a living in Tinsel Town. Now governments have used those words to describe rogue operators who carry out missions or perform actions with the intent to weaken or harm a country for the good of another. In no setting is the term more appropriate than in the realm of cybersecurity, where even the leastbad actor can do a world of hurt.

It is a given that in today’s computercentric, mobile lifestyle, everybody—and we do mean everybody—stores and transfers personal (i.e., financial/banking documents, health records, contact information of family members, vacation photos, and more) or work-related (i.e., company budgets, marketing plans, R&D documents, meeting minutes, personnel files, etc.) data. We all store and transfer data. Many of us use USB drives to do so.

With capacities ranging from 256MB to 2TB, their tremendous portability and exceptionally easy ability to be connected to various networks, USB drives have proven their value to literally millions of individuals, businesses, and government agencies. Most of these drives, however, are unencrypted, thus posing a major security risk. While they have revolutionized data storage and transport, their extreme portability has also introduced grave concerns.

They are very susceptible to being lost, breached, and misappropriated with the data on them then possibly shared with all of humanity. That leads to the possibility of critical, classified, sensitive data landing in the wrong hands, the hands of bad actors, if you will.

There is a very simple, cost-effective solution: an encrypted USB drive with strong password protection. Such drives are an essential pillar of a comprehensive data loss-prevention (DLP) strategy. If ever lost, stolen, or misplaced, the data cannot be accessed. Sure, the drive is gone, but the drive’s user will have the peace of mind knowing whatever information was on there remains safe and sound, locked away, untouchable.

Speaking of Trustworthy

Encryption is the most trustworthy means of protecting confidential or sensitive data. Encrypted USB drives combine the mobility advantages of using a USB while protecting the information on the drive. No mobile means is better at keeping confidential information confidential. Confidential information stays confidential.

Companies, such as Kingston Technology, have introduced a range of encrypted USB solutions. Encrypted USB drives are designed to protect the most sensitive data using the strictest security regulations and protocols and help transport data when it needs to move beyond an individual’s or company’s firewall securely and confidently.

Cost wise, encrypted USBs are not as expensive as you might think. In the encrypted vs. non-encrypted argument, consider the costs and consequences of a data breach, lost drive etc., against the low purchase price of a non-encrypted drive. The marginally higher investment in an encrypted drive is well worth it as it minimizes any threat and provides peace of mind. Data lost due to using non-encryption drives can also lead to legal issues (HIPPA, GDPR, etc.) and consequences. Paying a little more up-front for encrypted drives will cost exponentially less than risking a potential data breach and possible fines.

Now, that you have been sold, hopefully, on the importance of using encrypted USB drives as opposed to unencrypted drives for storing or transporting vital data, there is another important choice to make.

USB-drive encryption is performed either through the device’s hardware or software. Hardware-based encrypted USB drives are self-contained, don’t require a software element on the host computer, and are the most effective in combating everevolving cyber threats. Hardware-encrypted USB drives protect against the possibility of brute-force, sniffing, and memory hash attacks due to their security being self-contained inside the drive.

On the other hand, software-based encrypted drives share the computer’s resources with other programs and are only as safe as the computer they are plugged into. The encryption is not done on the USB drive at all. A software program runs on the computer to encrypt data and then store it on the USB drive. To read it back, a software program must again be run on the computer to decrypt the data. Because of this computer- based encryption process, the USB drives themselves are vulnerable.

The Best Defense

A hardware-centric/software-free encryption approach to data security is the best defense against data loss, as it eliminates the most commonly used attack routes. This same software-free method also provides comprehensive compatibility with most OS or embedded equipment possessing a USB port.

Top-of-the-line hardware-based encrypted USB drives, such as the Kingston IronKey, use Advanced Encryption Standard (AES) 256-bit encryption in the most secure XTS mode. Additionally, they are FIPS 140-2 Level 3 certified, meaning the U.S. Government has certified the drive for use by Federal government agencies for certain data classifications, with testing done by certified labs to verify the drive’s security. This certification supports the safeguard that anyone who finds such a drive is highly unlikely to access the information. Such drives generally require a complex password with three or four character sets and a minimum length to make it much harder to guess a password. There are even battery-powered keypad drives, which make it easy to unlock using a keypad code of eight to 15 digits.

Leading USB-drive manufacturers, such as Kingston, offer encrypted USB flash drive customization to create unique, indispensable drives, which is especially helpful to businesses and governmental agencies. Selected features available for customization purposes might include:

Device Serial Numbering: for asset tracking, external and internal serial record.

  • Custom Product Identification (PID): drive is uniquely identified by predetermined combination of vendor ID, product line USB PID, and device USB serial number.
  • Capacities: some USB drive manufacturers are capable of setting the capacity of the encrypted USB drive to any data restrictions a customer wants, for example: 1GB, 512GB, 96MB.
  • Dual Password Option: administrator sets the admin-level password for drive. If user-level password is lost, administrator can use admin password to unlock drive and reset user’s password.
  • Custom Logo/Marking Laser Etching: creates an unique look or presents vital information.
  • Custom Colors: different color casings helps class identification and fulfills other needs.
  • Profile Customization: creates a fully unique product. Specific security requirements can be addressed through custom profile changes, which allows companies to create a drive with personal settings and options.

Other Options

Another option available to businesses and government entities is giving system administrators control over drives deployed across the enterprise or agency’s reach. Available as a cloud-based or onpremises solution, it allows users to establish and secure a centralized workspace or storage command center, where they can easily deploy and manage devices.

Flexible role-based administration is an efficient and cost-effective way to protect data by administering usage and encryption policies, password restrictions, and more from a central console.

Drives in the field can be monitored with a powerful, flexible asset- tracking system, which ensures devices stay current with the latest software through a forced update feature.

Encrypted USB drives are powerful tools in closing security gaps and helping ensure security. And the need for that is something both Dad’s generation and today’s can agree on.

This article originally appeared in the July/August 2019 issue of Security Today.

Featured

Featured Cybersecurity

Webinars

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3