I am a big fan of external hard drives offering full disk encryption and buttons on the outside. The buttons let you enter a password on the hard drive itself and the drive also validates the password. After entering a valid password, the hard drive appears to a computer as a normal unencrypted, plain vanilla drive.
A huge upside to this approach is that no software is needed on the computer. Thus, if the hard drive is formatted with the FAT or FAT32 file system, it is usable with computers running Windows, OS X and Linux.
Another advantage to this approach is the emergency re-locking of the data. If someone dangerous is fast approaching, just pull out the USB connecting wire and the drive reverts to its encrypted state. Granted, there is a chance of data loss/corruption when doing this, but in an emergency, it's a nice option to have.
Full disk encryption on an internal drive requires the computer to be powered off, to revert to a locked state, and we all know how long that takes.
There is, of course, a price to pay for the encryption, but when I previously wrote about a couple of these drives, the price premium was nothing extreme.
But, according to a recent article in PC Magazine, the price is now extreme. The article reviews the Apricorn Aegis Padlock Pro SSD drive which offers 256GB of storage for a whopping $759 (prices quoted here are approximate).
What's new here is the SSD.
The two hard drives that I wrote about previously, the Lenovo ThinkPad USB Portable Secure Drive (June 2009) and the Apricorn Aegis Padlock (December 2009) were, internally, 2.5 inch spinning platter hard drives.
Of course SSDs cost more than legacy mechanical drives, but still, $759 seems like a bit much to pay for an encrypted drive. Not everyone needs that much storage space. Heck, a low end Macbook Air offers only 64GB of SSD storage and people buy it nonetheless.
While the PC Magazine article only discussed the 256GB model, a quick trip to Amazon.com turned up a 128GB model for $379 and a visit to the Apricorn website, turned up a 64GB model for $199.
And, the mechanical platter-based hard drives are still available and cost far less.
When I wrote about the ThinkPad USB Secure Hard Drive in June 2009, the 160GB model cost somewhere between $140 and $180. While this model is no longer offered by Lenovo, the 320GB model has fallen in price to $130.
Apricorn offers many different models, starting at 250GB for $89, up to 750GB for $199. Some are also available at Amazon.com.
As with the older models, the new SSD based Apricorn drives allow for multiple passwords. Thus, in a large organization, there could be a corporate password that only the home office knows and another password that only the end user knows. They are designed to resist brute force attacks and come formatted as NTFS.
If remembering passwords is burdensome, fellow Computerworld blogger Richi Jennings reviewed an Apricorn drive that's unlocked with a fingerprint. However, it requires the installation of Windows software for the initial configuration, only supports the FAT file system and Macs see the drive as USB version 1, significantly slower than USB v2.
Update: March 4, 2011. According to Jennings, the Apricorn drive does support NTFS. See his comment below.
If price is a primary concern, for about $45 you can get a Corsair Padlock Secure 8GB Flash Drive. I have no experience with it and reviews were hard to find, other than the comments at Amazon and Newegg. One person noted that the drive remains unlocked for two minutes after being removed from a computer. I checked the user guide and FAQ at corsair.com but found no documentation on how long the flash drive remains unlocked.
Of course, techies can save money using TrueCrypt with any hard drive (I do) but creating, mounting and dismounting volumes is too much for many users. And, if you run Windows as a limited user, (me again) it makes TrueCrypt that much harder.
Finally, the whole idea of putting secure data on an SSD drive needs to be re-examined in light of the recent revelations about erasing data. For one thing, securely erasing a single file on an SSD is impossible. Erasing the entire drive turns out to be unreliable, and while encryption should protect deleted data from being read, the best option may be a hammer.