When it comes to protecting your data, there are options such as local encryption or using an online storage service that offers encryption in the cloud. But one major weakness that affects both businesses and consumers is the “sneakernet:” moving data physically between computers or users via mediums such as flash drives or external hard drives. For example, delivering the latest W-2 forms to the HR department or taking your yearly tax information to your accountant’s office.
While it’s possible to move data in this manner securely by using software-based encryption, the simple reality is that many users and employees don’t take data security into consideration, or they just forget. The thought is “the data is in my hands, it’s safe.” But, of course, when that flash drive or hard drive gets left behind at the coffee shop, or the bag containing them gets swiped at the airport, this false notion crumbles immediately.
UK-based iStorage is one company that recognizes this issue, and the company has built its entire product line around hardware-based encryption for external storage devices. These are devices that automatically encrypt the data stored on them, completely preventing access to the data unless the correct PIN is physically entered on the device. As long as employees or family members use a device like this for their external data storage, they never need to “think” about encryption since the data is automatically secured as soon as it’s unplugged from the computer.
While iStorage offers a range of devices including external hard drives, we spent some time with one of the company’s flash drives. The datAshur Pro is a USB 3.0 drive that is available in capacities ranging from 4 to 64GB. We’re reviewing the 32GB model, which has a current street price in the US of about $125.
While standard flash drives have been shrinking in size in recent years, the datAshur Pro maintains a more “traditional” form factor in order to accommodate its 10-digit keypad. At 78mm in length (about 3 inches), it’s therefore quite a bit larger than today’s typical flash drive, which may be a problem when it comes to fitting into tight spaces or protruding in a manner which may result in an impact that can damage the drive, your computer’s USB port, or both. So depending on the layout and location of your computer’s USB ports, you may need to be careful when the drive is plugged in.
The drive itself has a durable-feeling blue aluminum case and comes with a cover made of the same materials. The cover attaches to the drive via tension with a rubber ring around the base of the flash drive, so it can take a bit of force to attach and remove. But this tight connection also seals the sensitive components of the drive, giving it IP57-rated dust and water protection for submersion up to 1 meter when the cover is properly attached. There’s also a steel wire loop for connecting to a key ring or a desk lock.
The datAshur Pro contains hardware-based AES-XTS 256-bit encryption that can only be controlled via the device’s physical keypad. The device ships with a default passcode — 1-1-2-2-3-3-4-4 — but you can change it to any custom combination ranging between 7 and 15 digits.
The device is automatically locked once it’s USB port is disconnected. To unlock it for use, you press the key button (beneath the keypad) once, enter your PIN, then press the key button again. The indicator lights above the keypad will change from red to green. You then have 30 seconds to connect the flash drive to your computer or other USB-compatible device. Once connected, the drive will remain unlocked and function like any normal flash drive. As soon as you disconnect the drive, it locks again automatically.
If you enter the wrong PIN 10 times in a row, the drive automatically wipes all data and resets itself to factory settings. This means that while you’ll lose any data that was on the drive, you at least won’t end up with a useless “bricked” device if you forget your PIN.
Overall the process works well, but one issue we encountered is that, after pressing the key button the first time to initiate the unlock process, you have only 10 seconds to correctly enter your PIN and press the key button the second time. With a minimum PIN size of seven digits and relatively tiny buttons, this might be too difficult for some users to complete in that time window.
Another factor is that the drive’s onboard hardware encryption requires power in order to unlock when not connected, so it has a built-in battery that recharges itself when the drive is connected to your computer. Therefore, when you first get the drive, or if you’re using it for the first time in a while, you may need to plug the drive in simply to charge for up to an hour before you can attempt to unlock it. However, even semi-regular use (a few times a month) should keep it charged enough to avoid this.
As a USB 3.0 device, performance for the datAshur Pro is relatively slow. The company advertises speeds of up to 139MB/s reads and 43MB/s writes but we actually saw a maximum sequential performance of around only 40MB/s reads and 38MB/s writes (for the 32GB model; speeds for other capacities may differ).
This is significantly slower than the highest tier USB 3-based flash drives, but more than adequate for documents, pictures, and other types of smaller files that are more likely to require encryption. If you need to encrypt and transfer lots of large files, such as confidential videos or hundreds of RAW images, the datAshur Pro may be too slow. For most users, however, speeds are acceptable.
Usage & Conclusion
As mentioned previously, one solution to protecting your data is software-based encryption. While this works well in many situations, one problem is that it requires that the device you’re connecting to be able to decrypt the data. This shouldn’t be a problem for typical PCs and Macs, but when it comes to devices like Android tablets, Chromebooks, or network-attached storage arrays, support for software encryption is limited if it’s available at all.
The use of hardware-based encryption with something like the datAshur pro eliminates this compatibility issue because all of the encryption and decryption takes place on the device itself. Once “unlocked,” the drive presents itself to the host platform like any other normal flash drive. This means you can use different file systems or connect to devices like your NAS without needing to worry about whether the device is able to decrypt the data.
Unfortunately, that also means that if you forget your PIN, or if the encryption chip on the flash drive fails, your data is gone forever. Of course, you should already have multiple robust backups of all important data, and other forms of data storage can fail too, but it’s something to keep in mind when using a device like the datAshur Pro.
Those potential caveats aside, the datAshur Pro is a nice solution to a growing problem. The ease and speed with which critically important data can be accessed and transferred means that everyone — from major corporations to individual users — must take measures to better protect it. And while software-based encryption is an important part a good data security strategy, there are situations where it may not be the best option.
Instead, using a storage device with hardware-based encryption like the datAshur Pro removes the complexity of encryption for the end user while still offering excellent protection for your data while in transit, in a format that is almost universally compatible with any USB-capable device. The only drawbacks are a potentially tricky unlock process, a slightly inconvenient form factor, and speeds that are a bit on the slow side.
Pricing, too, may at first be considered a negative since the drive is priced so much higher than other flash drives of similar capacities. But with the datAshur Pro you’re not paying for capacity as much as security, and that makes pure price comparisons with traditional drives impractical. It’s also worth noting that, looking only at the relatively small market of purely hardware-encrypted flash drives, iStorage’s pricing is right in line with its competitors.
The iStorage datAshur Pro is available now via Amazon and the iStorage website. When ordering via iStorage directly, buyers have the option of laser etching a custom text or logo for a small fee (£5.00 / about $6.50).
The drive includes a 3-year warranty, but only for the hardware itself. There is no data recovery option included and, given the nature of the product itself, data recovery in any case would likely be impossible.
Want news and tips from TekRevue delivered directly to your inbox? Sign up for the TekRevue Weekly Digest using the box below. Get tips, reviews, news, and giveaways reserved exclusively for subscribers.