Encrypted USB Drives
One of the most effective, cost-efficient cybersecurity solutions
- By Richard Kanadjian
- Aug 01, 2019
The term “bad actor” once only
referred to someone making
a living in Tinsel Town. Now
governments have used those
words to describe rogue operators
who carry out missions or perform
actions with the intent to weaken or harm a
country for the good of another. In no setting
is the term more appropriate than in the
realm of cybersecurity, where even the leastbad
actor can do a world of hurt.
It is a given that in today’s computercentric,
mobile lifestyle, everybody—and we
do mean everybody—stores and transfers
personal (i.e., financial/banking documents,
health records, contact information of family
members, vacation photos, and more) or
work-related (i.e., company budgets, marketing
plans, R&D documents, meeting minutes,
personnel files, etc.) data. We all store
and transfer data. Many of us use USB
drives to do so.
With capacities ranging from 256MB to
2TB, their tremendous portability and exceptionally
easy ability to be connected to
various networks, USB drives have proven
their value to literally millions of individuals,
businesses, and government agencies. Most
of these drives, however, are unencrypted,
thus posing a major security risk. While they
have revolutionized data storage and transport,
their extreme portability has also introduced
They are very susceptible to being lost,
breached, and misappropriated with the
data on them then possibly shared with all
of humanity. That leads to the possibility of
critical, classified, sensitive data landing in
the wrong hands, the hands of bad actors,
if you will.
There is a very simple, cost-effective solution:
an encrypted USB drive with strong
password protection. Such drives are an
essential pillar of a comprehensive data
loss-prevention (DLP) strategy. If ever lost,
stolen, or misplaced, the data cannot be accessed.
Sure, the drive is gone, but the drive’s
user will have the peace of mind knowing
whatever information was on there remains
safe and sound, locked away, untouchable.
Speaking of Trustworthy
Encryption is the most trustworthy means
of protecting confidential or sensitive data.
Encrypted USB drives combine the mobility
advantages of using a USB while protecting
the information on the drive. No mobile
means is better at keeping confidential information
confidential. Confidential information
Companies, such as Kingston Technology,
have introduced a range of encrypted USB
solutions. Encrypted USB drives are designed
to protect the most sensitive data using the
strictest security regulations and protocols
and help transport data when it needs to move
beyond an individual’s or company’s firewall
securely and confidently.
Cost wise, encrypted USBs are not as expensive
as you might think. In the encrypted
vs. non-encrypted argument, consider the
costs and consequences of a data breach,
lost drive etc., against the low purchase
price of a non-encrypted drive. The marginally
higher investment in an encrypted drive
is well worth it as it minimizes any threat
and provides peace of mind. Data lost due
to using non-encryption drives can also lead
to legal issues (HIPPA, GDPR, etc.) and
consequences. Paying a little more up-front
for encrypted drives will cost exponentially
less than risking a potential data breach and
Now, that you have been sold, hopefully,
on the importance of using encrypted USB
drives as opposed to unencrypted drives for
storing or transporting vital data, there is another
important choice to make.
USB-drive encryption is performed
either through the device’s hardware or
software. Hardware-based encrypted USB
drives are self-contained, don’t require a
software element on the host computer, and
are the most effective in combating everevolving
cyber threats. Hardware-encrypted
USB drives protect against the possibility
of brute-force, sniffing, and memory hash
attacks due to their security being self-contained
inside the drive.
On the other hand, software-based encrypted
drives share the computer’s resources
with other programs and are only as safe
as the computer they are plugged into. The
encryption is not done on the USB drive at
all. A software program runs on the computer
to encrypt data and then store it on
the USB drive. To read it back, a software
program must again be run on the computer
to decrypt the data. Because of this computer-
based encryption process, the USB drives
themselves are vulnerable.
The Best Defense
A hardware-centric/software-free encryption
approach to data security is the best defense
against data loss, as it eliminates the most
commonly used attack routes. This same
software-free method also provides comprehensive
compatibility with most OS or embedded equipment possessing a USB port.
Top-of-the-line hardware-based encrypted USB drives, such as
the Kingston IronKey, use Advanced Encryption Standard (AES)
256-bit encryption in the most secure XTS mode. Additionally, they
are FIPS 140-2 Level 3 certified, meaning the U.S. Government has
certified the drive for use by Federal government agencies for certain
data classifications, with testing done by certified labs to verify the
drive’s security. This certification supports the safeguard that anyone
who finds such a drive is highly unlikely to access the information.
Such drives generally require a complex password with three or four
character sets and a minimum length to make it much harder to guess
a password. There are even battery-powered keypad drives, which
make it easy to unlock using a keypad code of eight to 15 digits.
Leading USB-drive manufacturers, such as Kingston, offer encrypted
USB flash drive customization to create unique, indispensable
drives, which is especially helpful to businesses and governmental
agencies. Selected features available for customization purposes
Device Serial Numbering: for asset tracking, external and internal
- Custom Product Identification (PID): drive is uniquely identified
by predetermined combination of vendor ID, product line USB
PID, and device USB serial number.
- Capacities: some USB drive manufacturers are capable of setting
the capacity of the encrypted USB drive to any data restrictions a
customer wants, for example: 1GB, 512GB, 96MB.
- Dual Password Option: administrator sets the admin-level password
for drive. If user-level password is lost, administrator can
use admin password to unlock drive and reset user’s password.
- Custom Logo/Marking Laser Etching: creates an unique look or
presents vital information.
- Custom Colors: different color casings helps class identification
and fulfills other needs.
- Profile Customization: creates a fully unique product. Specific
security requirements can be addressed through custom profile
changes, which allows companies to create a drive with personal
settings and options.
Another option available to businesses and government entities is
giving system administrators control over drives deployed across
the enterprise or agency’s reach. Available as a cloud-based or onpremises
solution, it allows users to establish and secure a centralized
workspace or storage command center, where they can easily deploy
and manage devices.
Flexible role-based administration is an efficient and cost-effective
way to protect data by administering usage and encryption policies,
password restrictions, and more from a central console.
Drives in the field can be monitored with a powerful, flexible asset-
tracking system, which ensures devices stay current with the latest
software through a forced update feature.
Encrypted USB drives are powerful tools in
closing security gaps and helping ensure security.
And the need for that is something both Dad’s
generation and today’s can agree on.
This article originally appeared in the July/August 2019 issue of Security Today.