ZDNet independently tests and researches products to bring you our best recommendations and advice. When you buy through our links, we may earn a commission.Our process
'ZDNet Recommends': What exactly does it mean?
ZDNet's recommendations are based on many hours of testing, research, and comparison shopping. We gather data from the best available sources, including vendor and retailer listings as well as other relevant and independent reviews sites. And we pore over customer reviews to find out what matters to real people who already own and use the products and services we’re assessing.
When you click through from our site to a retailer and buy a product or service, we may earn affiliate commissions. This helps support our work, but does not affect what we cover or how, and it does not affect the price you pay. Neither ZDNet nor the author are compensated for these independent reviews. Indeed, we follow strict guidelines that ensure our editorial content is never influenced by advertisers.
ZDNet's editorial team writes on behalf of you, our reader. Our goal is to deliver the most accurate information and the most knowledgeable advice possible in order to help you make smarter buying decisions on tech gear and a wide array of products and services. Our editors thoroughly review and fact-check every article to ensure that our content meets the highest standards. If we have made an error or published misleading information, we will correct or clarify the article. If you see inaccuracies in our content, please report the mistake via this form.
The diskAshur2 line from iStorage comes in multiple sizes and formats, including a rubberised external SSD. We looked at the £379 512MB unit, but it's available in sizes up to 4TB, and as a hard drive version too. iStorage also offers the related datAshur Pro USB stick, and we looked at the £129 64GB model.
The SSD comes in a sturdy zipped case with a wrist strap and it's physically larger than many external SSDs (although smaller and neater than the previous generation of diskAshur models). Usefully it has a built-in USB A cable that folds neatly into a groove on the drive chassis.
The promised 'military grade' security means the AES 256 hardware encryption engine, the hardware random number generator that randomly generates the data encryption key and the secure microprocessor that drives those are all certified to the US government FIPS 140-2 and the international ISO Common Criteria EAL4+ specification. That makes them both secure and suitable for use in regulated organisations like healthcare and government offices, as well as suitable for key employees carrying confidential documents.
The visible part of this security is the PIN pad (wear-resistant so it doesn't give any clues about which keys are pressed the most) and the red, green and blue LEDs on the front. You use these to enter your PIN, but first you'll want to change the default admin PIN (it's the same for every drive, including the USB sticks). This involves a key sequence to put the drive into admin mode, which is slightly confusing but actually easier than the colour-coded instructions in the manual make it look. IT departments can also set an admin PIN that they keep and a user PIN for employees to use.
You choose a PIN of from 7 to 15 digits (you can make these more complex by using the shift key with some of the digits) that you have to type in every time you connect the drive. That causes the red LED to turn off and the blue and green LEDs to flash for a few seconds, after which the green LED should light up (although it continues to flash since it confusingly doubles as the drive activity light).
If you get the PIN wrong five times the drive locks up, which should put off someone who wanders up to your PC in the coffee shop and tries it. If you're trying to remember your own PIN, you get another ten tries if you know that you can unplug and reconnect it a couple of times; you then hold down the shift key the next time you unplug and reconnect it, typing in the preset PIN and then your own. That's too complicated a sequence to be triggered by a child playing with the drive, for example -- which is important as 15 incorrect PIN entries will cause the drive to delete the encryption key, rendering the files inaccessible.
You can choose the lock time, from five to 99 minutes, which means another complicated key sequence to look up in the manual (the full one on the drive, not the quick-start in the box). If you're stepping away for a few minutes you can press the lock button. For extremely confidential data, you can enter the 'self-destruct PIN' which deletes the encryption key, all stored PINs and the drive contents. That's useful even if you're not a spy in danger of imminent capture because it allows IT to reissue the drive to another user without danger of sharing previously encrypted files.
The diskAshur2 isn't a ruggedised device, but IP56 dust and water resistance means you don't have to worry about taking it outside or onto a construction site; the SSD inside the case is encased in epoxy and anyone trying to crack that open will trigger a disk erase (although we didn't test this).
The drive comes with one year licenses for NERO BackItUp and iStorage DriveSecurity software, but they're not preinstalled so if your organisation uses other tools, they're not taking up space on the drive.
In use, the diskAshur2 is a bit fiddly, especially if the autolock time is on the short side. An epaper display would be much clearer than the combinations of blinking and solid blue and green LEDs you have to memorise.
Locking the drive doesn't close any documents you have open already -- we were able to print open files and save them into other unencrypted locations, so make sure to close any files when you lock the drive unless your computer is also locked.
The drive itself is a Crucial SSD, which is a reliable brand with good performance. The listed speeds slow down a little in practice, but our benchmarks showed 270Mb/s writes and reads (although that varied significantly with different block lengths).
The USB 3.0 thumb drive comes in 8GB, 16GB, 32GB and 64GB capacities. It also comes in tamper-proof plastic packaging that you need to cut apart carefully, so you don't damage the instructions for using it. These are slightly different from the way you use the PIN for the diskAshur2, both in terms of the specific key combinations and the features. You can still have up to 15 characters in your PIN and you can still have both user and admin PINs, as well as changing the timeout and even putting the drive into read-only mode, but there's no duress PIN.
You also have to press the unlock button before and after you type in the PIN -- and you do that before you put the USB stick into a computer (you've got 30 seconds to get it in place, or you have to pull it out and unlock it again). This is what allows the datAshur to be used as a boot drive -- which is certainly useful, but it also means you need to keep the drive charged enough for the unlock code to work. If you haven't used it in a long time, you might need to let it charge for half an hour or so first -- you can't unlock it while it's in the USB port.
There's no lock button on the PIN pad; you just pull the drive out when you want to lock it.
You also only have ten attempts before the PIN gets deleted to prevent unauthorised access. After that, the admin PIN will unlock the files, but ten failed attempts to log in with the admin PIN deletes both the user and admin PIN, the encryption key and the files. You can reformat the drive and reuse it, but you can't recover the files. If all the PINs have been forgotten and you want to erase and reuse the drive, there's another complicated key combination for that.
All of this is secured by AES 256-bit hardware encryption to FIPS 140-2 certification, making it not just secure but approved for regulated industries.
The PIN pad is still coated to be wear-resistant, but the buttons are on the small side and might prove tricky for anyone with larger fingers. However, with only two LEDs and a single unlock button, the interface is a little simpler than the diskAshur2's. If you find it easier to remember words than digits, there are letters on buttons 2 to 9.
The cover -- which snaps on firmly and protects the PIN pad so buttons don't get knocked and turn on the drive in your bag, running down the battery -- is aluminium. With the cover snapped on the drive has an IP57 rating, making it waterproof. You can also get the cover personalised with laser etching (if you want to have contact details in case it gets lost, example).
Sensibly, the metal cable is attached to the drive body, so even if the cap pulls off the drive will stay on your key ring. Inside the case the flash memory is encased in epoxy resin to make it hard to extract without damaging it so much that an attacker couldn't read it (even if they could bypass the encryption controls).
Drive speed slightly exceeded the promised 139MB/s write speed: copying over 1GB of files from a Surface Book took less than 30 seconds; reading files from the drive is just as fast, while deleting files is no slower than on an unencrypted drive. Not only is this a USB 3.0 device, it also works with USB OTG, so you can use it with a phone or tablet via an OTG adapter.
Both these drives offer excellent security, albeit with a rather complex interface for getting at the advanced features. The other drawback is the price, which is a definite premium over a standard hard drive or USB stick. But if you need the security of hardware encryption with the convenience of a drive that works on any system -- including phones in the case of the datAshur Pro -- then this is a reasonably well thought-out system that will protect confidential data in several ways. If you're buying in bulk, iStorage can even set up custom PINs and preload files onto the drives for you, making them a secure way to distribute data to staff.