Blue Line

Portable data security

January 22, 2013  By Tom Rataj



It seems there’s a news story every few months about confidential personal and financial data being lost or stolen from a government agency or large company.

In these days of mostly electronic data, losses or thefts occur most often when data is stored on some type of portable device – a laptop, external hard drive or the ultimate portable and easy-to-lose storage device, the USB flash drive.

There is no escaping the use of portable data technologies these days because they are cheap, readily available and provide incredible versatility and efficiency.


What cannot be escaped is the need to use the appropriate security procedures, processes and technologies, based on the assumption that every portable data device is likely to be lost or stolen at some point.

The USB flash drive is the most vulnerable because of its small size, while the portable hard drive offers additional challenges because of its typically larger capacities.

Lost or stolen smartphones, tablets and laptop computers create additional risks because they also contain the software that makes the data on them readily accessible and usable.

It is unreasonable to avoid portable data devices just because of the risks.

The first line of defence is to adopt stringent device and data handling procedures and processes to prevent theft and loss of devices that contain confidential data. This may reduce the risks but cannot eliminate them entirely.

{Passwords}

The second line of defence is to password-protect access to the device – but unless stringent rules make passwords difficult to guess or crack (prohibiting such incredibly popular passwords as “password,” “123456” and “ABC123”), they tend to be of little value to a determined thief after the data rather than the device.

Unfortunately, many portable devices such as the Apple iPhone, the darling of the Bring Your Own Device (BYOD) trend in business, only make provision for using four numbers as the device password. More secure than no password at all, it is quite weak at only 10,000 possible combinations.

A proper “strong” password should be at least 12 characters long and include both upper and lower case letters, several numbers and a few special characters such as #, & or $.
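As an added illustration (not part of the original article), the Python sketch below checks a candidate password against the rules described above and compares the search space of a four-digit PIN with that of a 12-character password. The thresholds of two digits and two special characters are assumptions, since the article says only "several" and "a few"; the sample passwords are constructed.

```python
import math
import string

# Popular passwords the article names as ones a policy must prohibit.
BANNED = {"password", "123456", "abc123"}

# Assumed thresholds: the article gives no counts for "several numbers" or
# "a few special characters", so 2 of each is this example's choice.
MIN_LENGTH = 12
MIN_DIGITS = 2
MIN_SPECIAL = 2

# Letters, digits and punctuation on a standard keyboard: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def policy_failures(candidate):
    """Return the rules the candidate breaks (an empty list means it passes)."""
    failures = []
    if candidate.lower() in BANNED:
        failures.append("on the banned list")
    if len(candidate) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in candidate):
        failures.append("no lower case letter")
    if not any(c.isupper() for c in candidate):
        failures.append("no upper case letter")
    if sum(c.isdigit() for c in candidate) < MIN_DIGITS:
        failures.append(f"fewer than {MIN_DIGITS} numbers")
    if sum(c in string.punctuation for c in candidate) < MIN_SPECIAL:
        failures.append(f"fewer than {MIN_SPECIAL} special characters")
    return failures


def keyspace_bits(alphabet_size, length):
    """Search space in bits. Only meaningful for randomly chosen secrets;
    passwords people invent themselves are easier to guess than this."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for sample in ["ABC123", "1234", "Tr4il#Head$92km"]:
        print(repr(sample), policy_failures(sample) or "passes")
    print(f"4-digit PIN: {keyspace_bits(10, 4):.1f} bits")
    print(f"12 random keyboard characters: {keyspace_bits(len(ALPHABET), 12):.1f} bits")
```
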

Some laptops, such as Lenovo ThinkPads, include a biometric fingerprint scanner near the keyboard to control access to the machine. This generally makes it more secure than a password, assuming that the system is implemented and used.

Two-factor authentication (2FA), which uses a smartcard or USB-type security device in combination with a user password, further ups the ante.

Despite such measures, the Achilles heel of password-protecting devices is that stored data is generally still completely accessible. Although starting the laptop or operating system may require a password, data is easy to access by simply removing the hard drive and connecting it to another computer, completely bypassing the password process.

To overcome this, all hard-drive data should be rendered inaccessible with some type of encryption technology.

{Encryption}

Encryption is a process of encoding information into an unreadable format that cannot be accessed or read by anyone without the decryption key or password. It uses various levels of mathematical algorithms to encode and decode data.

Encryption can be used at the file level – such as for documents, spreadsheets and database sets – or at the system level, where all the data on the device is encrypted.

Microsoft Office applications such as Word and Excel have built-in password and encryption tools that make it fast and easy to secure individual files.

There are two primary types of encryption technologies: private-key (the key to access data is the same at both the encryption and decryption points) and public-key (the two keys are different).

A very common type of public-key encryption software is Pretty Good Privacy (PGP), often used to e-mail files. It can also encrypt file directories and hard-drive partitions.

Data encryption at the drive level is available from some laptop and hard drive manufacturers. It generally is not implemented by default, meaning the user or device owner needs to set it up. Windows 7 Ultimate and Enterprise editions and the Professional and Enterprise editions of Windows 8 include BitLocker software, which allows hard drives to be fully encrypted.

There are several types of encryption technologies: the basic Data Encryption Standard (DES), the more secure Advanced Encryption Standard (AES) and the most secure XTS cipher, approved by the U.S. National Security Agency (NSA). Each offers different levels of security. Most start with 128-bit encryption, move up to 256-bit and may end at 2048-bit encryption.

The technologies work quite effectively at the storage level, making all data completely inaccessible without the correct decryption key.

{USB flash drives}

Recognising the high level of vulnerability of data stored on USB flash drives, many major manufacturers have begun including various levels of hardware encryption, making them able to meet or exceed most of the toughest security requirements in the world.

The Kingston DataTraveler 6000 is manufactured with a water and heat resistant, titanium-coated, stainless steel body. It offers AES 256-bit encryption with the newer XTS cipher, making it very secure. It also prevents brute-force cracking attacks by implementing a 10-try password limit, after which it automatically destroys all data. The 8GB version has a street price of around $120.

The Kanguru Defender 2000 features a physically robust metal-alloy body, AES 256-bit encryption and meets FIPS 140-2 Level 2 validation (additional validations are in the works). Interestingly, it includes anti-malware capability. An 8GB version retails for a more reasonable $90.

The Imation S250 starts with a waterproof stainless steel body which is extreme temperature resistant. It earns the coveted (US) Federal Information Processing Standard (FIPS) 140-2, level 3 validation, making it suitable for federal government requirements. It uses 256-bit AES, 2048-bit RSA and 256-bit SHA encryption technologies, making it virtually impenetrable.

The Enterprise version also offers the ability to deploy, manage and track the devices using Imation’s Enterprise management service. A 2GB S250 lists for $109 while the 32GB version lists for $599.

Imation also makes encrypted portable hard drives with or without biometric access control. Their H100 lists at $249 for 320GB and $499 for 1TB, while the H200 (with biometric technology) starts at $299 for the 320GB version and $549 for the 1TB version.

The Apricorn Aegis Secure Key ($82 for 8GB), the Corsair Padlock ($43 for 8GB) and iStore datAshur ($85 for 8GB) USB flash drives all use 256-bit AES encryption but include a physical keypad on the device housing to unlock the contents.

SanDisk makes the very affordable plastic bodied Cruzer Glide USB flash drive, which ships with 128-bit AES encryption software designed to protect folders on the device. It is more affordable than many of the other drives, retailing at only $22 for the 16GB version.

{Security essential}

Portable data security is more important than ever. With hardware prices now so low, more devices are being used and then subsequently lost or stolen, resulting in often embarrassing and sometimes dangerous leaks of confidential data.

While some of the better-quality high-security devices are expensive, even relatively cheap USB flash drives offer substantial protection against casual thieves, who may only be interested in the hardware, and professional thieves, likely concerned mainly with the data.

