Stories abound of sensitive data being committed to USB sticks and then falling into the wrong hands. Of course, you can buy 'secure' USB flash drives with hardware encryption and strong password protection, often with additional safeguards such as automatic data wiping if the wrong password is entered a certain number of times.
Unfortunately, passwords — even strong ones — are vulnerable to attack, and a successful password crack then gives the attacker access to the encrypted data. To address this issue, UK software developer Conseal Security has released Conseal USB, which applies a further layer of security: as well as delivering 256-bit AES encryption and strong password protection, Conseal USB adds a cloud-based management system that delivers access control, remote wipe, device usage alerts and a complete audit trail of access attempts.
Access to a Conseal-protected drive is only possible with an internet connection to the cloud service, so in order to make off with the data a thief would not only have to steal the USB device, but also obtain the password, circumvent any access restrictions and copy the files before the administrator noticed the email alert and wiped the drive remotely. Even then, a full record of the heist, including IP addresses, would be left behind.
Conseal, which works with any USB-connected storage device, comes in Home and Corporate versions. The entry-level Home licence, reviewed here, supports up to five devices and costs £19.95 a year, while the Corporate offering starts at 10 devices for £140 a year. Enterprises or governments requiring widespread USB device lock-down will need to consider the higher reaches of the price list: 100 devices for £99/month rising to 10,000 devices for a spectacular £5,950/month.
Logging into the Conseal Windows app and selecting a USB drive for 'Consealing'
After signing up for the service, your first task is to 'Conseal' a storage device. This you do by first downloading the small (Windows only) Conseal USB application, logging in, connecting a USB device and clicking the 'Conseal This' button. You'll then be asked to create a (strong) password and a name for the device, whereupon it will be encrypted, previously deleted data securely erased, the device registered with Conseal's server and existing data secured. This process took about 20 minutes on our test 4GB USB flash drive.
After creating a password and a device name for our 4GB USB flash drive, the device is 'Consealed'
Once processing is complete, the encrypted drive appears, along with any existing data, under a new drive letter (F: in this case). To remove the device, you first lock it in the Conseal app and then eject it via the System tray in the normal way:
The web-based Conseal management console gives the administrator an impressive amount of information on, and control over, the usage of the USB device:
Under Recent History, you get a full audit trail of successful and unsuccessful accesses (you can also set up email alerts for all attempts to unlock the device):
There's a comprehensive set of access control options, including restricting the IP address range, the domain name and the particular computers that can unlock the device, as well as specifying particular time windows for access:
When a Conseal device is inserted in an internet-connected computer, you click on the 'Unlock' icon in the drive window and enter the password to access the encrypted data. If the computer has no internet connection, the device cannot register with Conseal's server, and access is denied:
If an administrator decides that security has been compromised, a Conseal device can be set to 'self-destruct' the next time it's inserted:
After a post-self-destruct insertion, our test 4GB USB stick had to be reformatted to make it usable again:
Conseal USB provides impressive security and security management for USB storage devices. It looks expensive at the higher end of the price scale, but small businesses could well find £20 or £140 a year well worth the investment. Beware, though, that this cloud-based service will render your sensitive USB-based data inaccessible if its servers should go offline for any reason.
Conseal USB currently only works on Windows (XP and above) systems, but the company says that Mac OS X and Linux support is in the pipeline (no details on timing are available as yet).