Stories abound of sensitive data being committed to USB sticks and then falling into the wrong hands. Of course, you can buy 'secure' USB flash drives with hardware encryption and strong password protection, often with additional safeguards such as automatic data wiping if the wrong password is entered a certain number of times.
Unfortunately, passwords — even strong ones — are vulnerable to attack, and a successful password crack then gives the attacker access to the encrypted data. To address this issue, UK software developer Conseal Security has released Conseal USB, which applies a further layer of security: as well as delivering 256-bit AES encryption and strong password protection, Conseal USB adds a cloud-based management system that delivers access control, remote wipe, device usage alerts and a complete audit trail of access attempts.
Access to a Conseal-protected drive is only possible with an internet connection to the cloud service, so in order to make off with the data a thief would not only have to steal the USB device, but also obtain the password, circumvent any access restrictions and copy the files before the administrator noticed the email alert and wiped the drive remotely. Even then, a full record of the heist, including IP addresses, would be left behind.
Conseal, which works with any USB-connected storage device, comes in Home and Corporate versions. The entry-level Home licence, reviewed here, supports up to five devices and costs £19.95 a year, while the Corporate offering starts at 10 devices for £140 a year. Enterprises or governments requiring widespread USB device lock-down will need to consider the higher reaches of the price list: 100 devices for £99/month rising to 10,000 devices for a spectacular £5,950/month.
Logging into the Conseal Windows app and selecting a USB drive for 'Consealing'
After signing up for the service, your first task is to 'Conseal' a storage device. This you do by first downloading the small (Windows only) Conseal USB application, logging in, connecting a USB device and clicking the 'Conseal This' button. You'll then be asked to create a (strong) password and a name for the device, whereupon it will be encrypted, previously deleted data securely erased, the device registered with Conseal's server and existing data secured. This process took about 20 minutes on our test 4GB USB flash drive.
After creating a password and a device name for our 4GB USB flash drive, the device is 'Consealed'
Once processing is complete, the encrypted drive appears, along with any existing data, under a new drive letter (F: in this case). To remove the device, you first lock it in the Conseal app and then eject it via the System tray in the normal way: