With large capacity USB thumb drives it's easy to put massive amounts of sensitive data in an easily lost package. Regulations can make the cost of losing health or financial data quite severe, forcing expensive notification and remedial actions.
But the convenience of carrying the data between home, office and on business trips is seductive and, in a world where wireless access is hardly assured and often slow, a near necessity. So how do re reconcile convenience and security?
The folks at Apricorn have an idea. The Aegis Secure Key USB 3.0 Flash Drive has built-in, on-the-fly AES 256 bit encryption and a keypad for access. They sent me one to review, and I've used it for several months to get a long-term perspective, mostly on my MacBook Air, whose 128GB SSD needs all the help it can get.
The drive is simply packed in a foam lined box. The drive itself is almost four inches long, an inch wide (it will crowd adjacent USB ports) and half an inch thick.
The drive comes with a metal case that fits over the numeric keypad - and it's the keypad that justifies the Secure Key's size. As part of the setup you put in a 7-16 digit PIN, and each time you unlock the drive you use the keypad.
Even with my large, fat fingers, I had no problem using the keypad to quickly unlock the device with an 8 digit PIN. The entire Key is mostly metal, and once inserted into the metal sleeve, it is very tough. I carried it around for weeks and it was not even scratched.
The Secure Key drive chips are encased in epoxy, making physical access difficult and tampering obvious. Since it has it's own keypad and no host software, it is not suseptible to attack by keyloggers.
The keys did not show any signs of wear after several months use. The drive auto-locks when unplugged, powered down or after a pre-set time out.
The Secure Key is also IP58 certified against dust and water. The water test is 1 meter deep for 30 minutes. The firmware is locked down and not alterable by host systems.
The Secure Key is a self-contained unit. It doesn't need external software for setup, so it is instantly compatible with Windows, macOS, and any other USB enabled device. It supports independent user and admin PINs, that enables forgotten user PINs or user-locked Keys to be unlocked by IT.
The Secure Key is FIPS 140-2 Level 3 compliant, which is quite a mouthful. What it means is:
- A validated encryption module.
- Tamper-evident seals for detecting physical access to the crypto keys and parameters.
- Physical security to protect against access, use, or modification of the crypto module.
- Use of NIST-approved crypto algorithms and modules, as well as lab validation by approved third-parties.
The drive can also be reset, which destroys all the data and keys, so a previously used drive can be repurposed without exposing prior content. When unlocked it is like any other USB drive, and can be partitioned and formatted for whatever OS you prefer.
The Storage Bits take
The Aegis Secure Key USB 3.0 Flash Drive is a serious business tool, meant for sustained use in all kinds of physical and security environments.
I don't know if it will protect your data against a determined state actor, but if that is your concern you have bigger problems. In the USA, the fact that you have to enter a passcode means that you can't be forced by police or a judge to give up your data.
For business users, my understanding is (check with your company lawyer for a legal opinion) that the loss of this class of device would protect you and your firm from the disclosures required for the loss of unsecured, regulated, data.
With capacities of up to 480GB, the Secure Key can hold a lot of sensitive data. But all of this security comes at a price that will discourage casual users: anywhere from $95 to $375 online.
But if you regularly carry sensitive data, the Secure Key is far less costly than a data loss.
Courteous comments welcome, of course.