Why Hardware-Encrypted USB Drives Are the Best Option for Regulatory Compliance in 2022

  • By Richard Kanadjian
  • Feb 07, 2022

Many governments and industries worldwide have mandated that various forms of personal data be protected by encryption while at rest or in transit. A few examples of commonly known regulations are HIPAA in health care, GDPR in the European Union, the California Consumer Privacy Act (CCPA), and Payment Card Industry Data Security Standard (PCI DSS). Non-compliance to a single regulation can lead to heavy-duty fines and loss of corporate reputation, loss of business, and legal implications.

Many individuals in charge of companies' IT departments or security issues deal with strained budgets. As a result, they are moving to software encryption, which can offer the exact same encryption capabilities – such as AES-256 XTS – as do more expensive hardware-encrypted USB drives, for compliance purposes, unaware of the dark side of software encryption: it is not compliant with regulations.

The issue is that users can easily remove the software-encryption feature from their USB drives. The primary reason they do so is for access to the files without use of a password, or they forgot the password but needed to use the drive. In the 15 seconds, it takes to do that, all stored encrypted files are removed, and the drive is ready for users to copy new files to the drive for easy – albeit unencrypted – access. Hence, software encryption is considered removable encryption.

How do hardware-encrypted USB drives meet an organization's needs for regulatory compliance? Read on.

1. Hardware encrypted USB drives have encryption that is always ON

There is no way for users to turn off encryption, reset the password rules (minimum length, complexity, etc.), and disable the automatic password retries.

Unlike software encryption, which does not prevent repeated password guessing through software dictionary attacks, hardware-encryption limits password retries to 10 times or fewer – and wipes out the data when the wrong passwords are entered ten times in a row. This is very secure in the age of supercomputers.

2. Hardware-encrypted drives use premium encryption controllers and incorporate many security features

While manufacturers, such as Kingston, don't always disclose all security countermeasures, there is a countermeasure to protect against BadUSB that we can discuss. At the factory, when the firmware is loaded on hardware-encrypted drives only, the firmware is digitally signed and loaded. This means that when these encrypted USBs are plugged in, the encryption controller first checks the integrity of the firmware through the digital signature and only loads it if it passes. Any attempt to replace the firmware will brick the drive, becoming non-functional.

3. Hardware encrypted USB drives can have custom Product IDs (PIDs) set up for a specific company

These premium drives can have a digital identifier programmed into them so that if a drive is plugged into the company's inner or outer firewall, the drive can be identified as a company-issued drive. For example, if an employee loses the company drive and buys the same model at retail, the newly purchased drive will not validate on the company network. This customization adds another layer of security to the use of USB drives.

4. Hardware-encrypted drives save money very quickly

The reduction and elimination of risks make the payback cycle very short. Plus, the peace of mind of knowing you are compliant and safe from the cost of being hacked, as well as the cost leveled at you for not being compliant, is worth something.

Hardware-Based Encryption...

  • Uses a dedicated processor, physically located on the encrypted drive
  • Processor contains a random number generators to generate an encryption key, which is unlocked by the user's password
  • Offers increased performance by off-loading encryption from the host system
  • Includes safeguard keys and critical security parameters within crypto-hardware
  • Authentication takes place on the hardware
  • It does not require any type of driver installation or software installation on the host PC
  • Protects against the most common attacks, such as cold-boot attacks, malicious code, brute force attacks

About the Author

Richard Kanadjian is the business manager of Kingston Technology’s Encrypted USB unit.

Featured

  • Data Driven, Proactive Response

    As cities face rising demands for smarter policing and faster emergency response, Real Time Crime Centers (RTCCs) are emerging as essential hubs for data-driven public safety. In this interview, two experts with deep field experience — Ross Bourgeois of New Orleans and Dean Cunningham of Axis Communications — draw on decades of operational, leadership and technology expertise to share how RTCCs are transforming public safety through innovation, interagency collaboration and a relentless focus on community impact. Read Now

  • Integration Imagination: The Future of Connected Operations

    Security teams that collaborate cross-functionally and apply imagination and creativity to envision and design their ideal integrated ecosystem will have the biggest upside to corporate security and operational benefits. Read Now

  • Smarter Access Starts with Flexibility

    Today’s workplaces are undergoing a rapid evolution, driven by hybrid work models, emerging smart technologies, and flexible work schedules. To keep pace with growing workplace demands, buildings are becoming more dynamic – capable of adapting to how people move, work, and interact in real-time. Read Now

  • Trends Keeping an Eye on Business Decisions

    Today, AI continues to transform the way data is used to make important business decisions. AI and the cloud together are redefining how video surveillance systems are being used to simulate human intelligence by combining data analysis, prediction, and process automation with minimal human intervention. Many organizations are upgrading their surveillance systems to reap the benefits of technologies like AI and cloud applications. Read Now

  • Right-Wing Activist Charlie Kirk Dies After Utah Valley University Shooting

    Charlie Kirk, a popular conservative activist and founder of Turning Point USA, died Wednesday after being shot during an on-campus event at Utah Valley University in Orem, Utah Read Now

Most   Popular

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.