Review: 7 secure USB drives

Should you trust these flash drives to safeguard your data?

By Bill O'Brien, Rich Ericson and Lucas Mearian

March 3, 2008 12:00 PM ET

Reviews

7 secure USB drives

Comparison charts

Computerworld - USB flash drives are very small, very portable, very convenient -- and very easy to lose. In fact, the question to ask these days isn't how to avoid losing your flash drive, but how to make sure your data is safe when you do. As a result, Computerworld decided it was time to look at seven USB flash drives that are outfitted with security features to keep your data safe.

We did what most IT managers and users would do and asked some of the top vendors for their most secure USB flash drives. All but one of these products use some form of the Advanced Encryption Standard (AES) encryption, either 128-bit or 256-bit (according to experts, there's not much of a difference between 128-bit and 256-bit levels of AES encryption for ordinary purposes, as neither has yet been broken).

There was some variation in the implementation of the encryption on these drives -- some use AES keys derived from a user's password, while others use encryption keys generated by a hardware-based random number generator. (For more information, see our sidebar About Encryption.)

Our three reviewers -- Bill O'Brien, Rich Ericson and Lucas Mearian -- did not test the encryption algorithms themselves (that's a subject for another article), but did test the drives' performance, I/O rates, and CPU utilization. The reviewers also looked at the drives' security features, price, ease of installation, and ease of use.

Each device was tested for speed using Simpli Software's Hd Tach 3.0. Interestingly, the reviewers came up with a wider range of performance numbers than anyone actually expected.

Related Blog:

Mike Elgan: Why I'm done with portable hard drives

I've owned six portable USB hard drives over the past 10 years, and all six of them have failed unrecoverably. [read more]

In fact, this turned out to be a very diverse group of drives with features ranging from secure and unsecure data partitioning, to waterproof, stainless-steel cases, to support for passwords of up to 99 characters. In every instance, there are different levels of ingenuity that went into the creation of these handy, very mobile devices, even if the level of protection varies.

This is by no means the definitive list of all the drives available -- only some from the largest vendors and the most highly advertised. There are many types of secure USB drives out there, including those using fingerprint scanning technology (we'll visit those in a later review).

In choosing a secure USB flash drive, you may have to first decide the relative importance of security, price, and speed, and compromise among those three factors. But in the end, we found that one drive stands out above the others.

About Encryption

AES is the successor to the older DES (Data Encryption Standard) and is used by the U.S. government for encrypting secret-level and top-secret-level documents, using the 128-bit and 256-bit strengths respectively.

But it's not enough to offer AES encryption; much depends on how the encryption is deployed. In part, that's because users don't always want to use passwords as long as needed for effective key generation. If a user chooses a password with fewer characters than would make a 128-bit or 256-bit key (one character = 8 bits, so we're talking about passwords of 16 or 32 characters, respectively), the remaining characters often automatically become zeros. That means that the password can more easily be guessed, according to Charles Kolodgy, research director for secure content and threat management products at IDC.

Kolodgy recommends a passphrase versus a password. "The first step is to take care of 90% of the users out there," Kolodgy says. After that, the best solution is to have a random password character generator on the drive.

Some vendors claim there are differences between software-based and hardware-based encryption; according to Kolodgy, that's not hype. In software-based encryption, the keys are placed in the device's memory, so a hacker will know where to look for the keys by their unique format and can target those keys for a brute-force attack, Kolodgy says. In hardware-based encryption, the key never leaves the hardware device, thus you can't access them by simply looking at the device's memory.

But there's only so much due diligence you can do on this front. In the end, there is no way to tell whether a vendor's security is foolproof "apart from a $50,000 or $100,000 engineering effort," says security technologist and author Bruce Schneier in his essay on password security.

As an IT manager, you may even be best off rolling your own. Schneier says he generally purchases inexpensive drives and then encrypts the data on them using PGPDisk encryption software, but you will need to have PGP's Desktop product installed on your computer.

Comment Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Corsair

Additional Resources

WHITE PAPER

Do You Know the 7 Steps to Successful Data Migration?

Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.

WHITE PAPER

Total Cost of Ownership of Server Computing Vs. PCs

Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.

WHITE PAPER

IDC White Paper: Linux in a Global Recession

Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

What People Are Saying

34 comments | Add new

See all comments (34) | Add new

White Papers & Webcasts

Why Email Fails: Dell MessageOne Survey of Email Outages
Download Now

Data Protection is not an insurance policy -you cannot buy-back lost data
Find out why you need to maintain access to critical information to run your business and remain competitive.

Essential Archive Requirements for E-Discovery
Register Now!

Strategic ECM Webinar
Learn what new strategic business benefits can be realized through ECM!

CIO Strategies for the Retention and Deletion of Email
Register Now!

Rethinking Business Continuity and High Availability in Storage - HP and Forrester Pre-Recorded Webcast
Download it.

CIO Viewpoints: Exchange 2007 Risks and Mitigation Strategies
Download This Whitepaper Today!

5 Architecture Issues that Impact BES performance
Register to attend this LIVE Webinar to learn 5 Architecture Issues that Impact BES performance!

The Power/Density Paradox: The Result of High Density without Power Efficiency
Download this brief to explore what the power/density paradox is and how IT professionals can mitigate the risk.

Four Principles for Reducing Storage TCO
View cost reduction strategies in this video! Provided by Hitachi Data Systems.

All White Papers | All Webcasts