The best encrypted flash drives

SAN FRANCISCO — If you’re physically transporting data you don’t want other people to see, you should be doing it on secure media. And what better than something that hides easily within a pocket? Secure flash drives that are only about the size of a small cigarette lighter feature robust hardware security to make them super secure. You’ll pay a premium for the integrated security, but you can’t put a price on the peace of mind you get by knowing that your data is locked down.

To get the skinny on the state-of-the-art in secure flash drives, we took five hardware-encrypted drives for test spins. The results? As far as security is concerned, it’s all systems go. Three of the units–the Kingston DataTraveler 4000 Managed, the Kanguru Defender 2000, and the CMS CE-Secure Vault FIPS–are certified to Level 2 of the government’s FIPS 140-2 security standard. The Imation Defender F200 ratchets that up to Level 3. The Apricorn Aegis Secure Key is being processed for Level 3 certification, though it is not yet certified.

Those last two drives add a bit of panache and intrigue to what otherwise appear outwardly to be garden-variety flash drives. Imation’s Defender F200 has an integrated fingerprint scanner, while Apricorn’s Aegis Secure Key has a PIN-entry keypad.

The Defender F200 and the Aegis Secure Key share an advantage beyond their hint of spy drama–they’re operating-system and device agnostic. The other three drives in our roundup use client software interfaces to manage access to their data. This limits their use to Windows, OS X, and, in the case of the Kanguru Defender 2000, Linux. After you unlock the Defender F200 or the Aegis Secure Key with their hardware mechanisms, you can use them just as you would a normal USB flash drive. That means TVs, digital media adapters, printers, tablets, and laptops are all fair game.

Not in the Fast Lane

Unfortunately, current secure flash drive performance doesn’t match security, largely because they’re mired in the USB 2.0 past. In fact, none of the manufacturers reviewed here expect to release a USB 3.0 model until at least late this year. The fastest drive in this roundup tested nearly four times slower than two nonsecure USB 3.0 flash drives we included for comparison. Performance isn’t the main reason you buy a secure flash drive, but you might want to stick with cheaper, smaller-capacity models until the faster technology shows up. (And pray you never have to get out of Dodge in a hurry.)

The Secure Advantage…

All the drives in this roundup use the 256-bit AES hardware encryption required to achieve FIPS 140-2 Level 2 certification. Though you can certainly secure your data with a normal USB flash drive and encryption software such as the free TrueCrypt or EncryptStick, a chip is harder to hack, and to reach it means actually tampering with the drive, which is easy to detect.

FIPS 140-2 (Federal Information Processing Standard, Publication 140-2), referred to above, is the government’s take on methods for securing data. It’s not a technology, but rather a definition of what security mechanisms should do. There are four FIPS 140-2 levels. Level 1 involves using an approved encryption algorithm (such as AES 256). With Level 2, the encryption is supplemented by a means to reveal tampering. Level 3 adds protection for the encrypting mechanisms and algorithms themselves. And with Level 4, you add physically daunting packaging and fry the data and decrypting mechanisms if a breach occurs.

…and Manageability

On the software front, an increasingly common theme for secure flash drives is manageability. Most useful with fleets of drives, manageability means that the drive’s status and security characteristics may be modified by an administrator–locally, or remotely across a network or the Web. Using a server console such as BlockMaster’s SafeConsole or Imation’s ACCESS Server, your friendly IT guys-in-black can set password strength, force password changes, track logins, and the like. They can even set drives so that the data partition is hidden unless the unit is in contact with a server. No less than four of the drives in our roundup are manageable in this sense: the Defender 2000, the Defender F200, the CE-Secure Vault FIPS, and the DataTraveler 4000 Managed. The latter is managed only (and available in an unmanaged version, too), while the previous three may be also be used unmanaged.

The Imation Defender F200 took top honors with its combination of biometrics, FIPS 140-2 Level 3 certification, and hint of élan, but it’s a mediocre performer. Kanguru’s Defender 2000 offers top-notch security and speed in spades (for a USB 2.0 drive), though the software is a bit immature. The CMS CE-Secure Vault FIPS and the Kingston DataTraveler are also good USB 2.0 performers, are FIPS 140-2 Level 2-certified, and have good software. The super-convenient Apricorn Aegis Secure Key would have scored higher if it had not lost points for both its slow performance and its current lack of FIPS 140-2 certification.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now