diskAshur2 and datAshur Pro, First Take: Secure but pricey mobile drives

istorage-header.jpg
  • Editors' rating
    Not yet rated

The diskAshur2 line from iStorage comes in multiple sizes and formats, including a rubberised external SSD. We looked at the £379 512MB unit, but it's available in sizes up to 4TB, and as a hard drive version too. iStorage also offers the related datAshur Pro USB stick, and we looked at the £129 64GB model.

diskAshur2

diskashur2.jpg
Image: iStorage

The SSD comes in a sturdy zipped case with a wrist strap and it's physically larger than many external SSDs (although smaller and neater than the previous generation of diskAshur models). Usefully it has a built-in USB A cable that folds neatly into a groove on the drive chassis.

The promised 'military grade' security means the AES 256 hardware encryption engine, the hardware random number generator that randomly generates the data encryption key and the secure microprocessor that drives those are all certified to the US government FIPS 140-2 and the international ISO Common Criteria EAL4+ specification. That makes them both secure and suitable for use in regulated organisations like healthcare and government offices, as well as suitable for key employees carrying confidential documents.

The visible part of this security is the PIN pad (wear-resistant so it doesn't give any clues about which keys are pressed the most) and the red, green and blue LEDs on the front. You use these to enter your PIN, but first you'll want to change the default admin PIN (it's the same for every drive, including the USB sticks). This involves a key sequence to put the drive into admin mode, which is slightly confusing but actually easier than the colour-coded instructions in the manual make it look. IT departments can also set an admin PIN that they keep and a user PIN for employees to use.

You choose a PIN of from 7 to 15 digits (you can make these more complex by using the shift key with some of the digits) that you have to type in every time you connect the drive. That causes the red LED to turn off and the blue and green LEDs to flash for a few seconds, after which the green LED should light up (although it continues to flash since it confusingly doubles as the drive activity light).

If you get the PIN wrong five times the drive locks up, which should put off someone who wanders up to your PC in the coffee shop and tries it. If you're trying to remember your own PIN, you get another ten tries if you know that you can unplug and reconnect it a couple of times; you then hold down the shift key the next time you unplug and reconnect it, typing in the preset PIN and then your own. That's too complicated a sequence to be triggered by a child playing with the drive, for example -- which is important as 15 incorrect PIN entries will cause the drive to delete the encryption key, rendering the files inaccessible.

Top ZDNET Reviews

You can choose the lock time, from five to 99 minutes, which means another complicated key sequence to look up in the manual (the full one on the drive, not the quick-start in the box). If you're stepping away for a few minutes you can press the lock button. For extremely confidential data, you can enter the 'self-destruct PIN' which deletes the encryption key, all stored PINs and the drive contents. That's useful even if you're not a spy in danger of imminent capture because it allows IT to reissue the drive to another user without danger of sharing previously encrypted files.

The diskAshur2 isn't a ruggedised device, but IP56 dust and water resistance means you don't have to worry about taking it outside or onto a construction site; the SSD inside the case is encased in epoxy and anyone trying to crack that open will trigger a disk erase (although we didn't test this).

The drive comes with one year licenses for NERO BackItUp and iStorage DriveSecurity software, but they're not preinstalled so if your organisation uses other tools, they're not taking up space on the drive.

In use, the diskAshur2 is a bit fiddly, especially if the autolock time is on the short side. An epaper display would be much clearer than the combinations of blinking and solid blue and green LEDs you have to memorise.

Locking the drive doesn't close any documents you have open already -- we were able to print open files and save them into other unencrypted locations, so make sure to close any files when you lock the drive unless your computer is also locked.

The drive itself is a Crucial SSD, which is a reliable brand with good performance. The listed speeds slow down a little in practice, but our benchmarks showed 270Mb/s writes and reads (although that varied significantly with different block lengths).

datAshur Pro

datashur-pro.jpg
Image: iStorage

The USB 3.0 thumb drive comes in 8GB, 16GB, 32GB and 64GB capacities. It also comes in tamper-proof plastic packaging that you need to cut apart carefully, so you don't damage the instructions for using it. These are slightly different from the way you use the PIN for the diskAshur2, both in terms of the specific key combinations and the features. You can still have up to 15 characters in your PIN and you can still have both user and admin PINs, as well as changing the timeout and even putting the drive into read-only mode, but there's no duress PIN.

You also have to press the unlock button before and after you type in the PIN -- and you do that before you put the USB stick into a computer (you've got 30 seconds to get it in place, or you have to pull it out and unlock it again). This is what allows the datAshur to be used as a boot drive -- which is certainly useful, but it also means you need to keep the drive charged enough for the unlock code to work. If you haven't used it in a long time, you might need to let it charge for half an hour or so first -- you can't unlock it while it's in the USB port.

There's no lock button on the PIN pad; you just pull the drive out when you want to lock it.

You also only have ten attempts before the PIN gets deleted to prevent unauthorised access. After that, the admin PIN will unlock the files, but ten failed attempts to log in with the admin PIN deletes both the user and admin PIN, the encryption key and the files. You can reformat the drive and reuse it, but you can't recover the files. If all the PINs have been forgotten and you want to erase and reuse the drive, there's another complicated key combination for that.

All of this is secured by AES 256-bit hardware encryption to FIPS 140-2 certification, making it not just secure but approved for regulated industries.

The PIN pad is still coated to be wear-resistant, but the buttons are on the small side and might prove tricky for anyone with larger fingers. However, with only two LEDs and a single unlock button, the interface is a little simpler than the diskAshur2's. If you find it easier to remember words than digits, there are letters on buttons 2 to 9.

The cover -- which snaps on firmly and protects the PIN pad so buttons don't get knocked and turn on the drive in your bag, running down the battery -- is aluminium. With the cover snapped on the drive has an IP57 rating, making it waterproof. You can also get the cover personalised with laser etching (if you want to have contact details in case it gets lost, example).

Sensibly, the metal cable is attached to the drive body, so even if the cap pulls off the drive will stay on your key ring. Inside the case the flash memory is encased in epoxy resin to make it hard to extract without damaging it so much that an attacker couldn't read it (even if they could bypass the encryption controls).

Drive speed slightly exceeded the promised 139MB/s write speed: copying over 1GB of files from a Surface Book took less than 30 seconds; reading files from the drive is just as fast, while deleting files is no slower than on an unencrypted drive. Not only is this a USB 3.0 device, it also works with USB OTG, so you can use it with a phone or tablet via an OTG adapter.

Conclusions

Both these drives offer excellent security, albeit with a rather complex interface for getting at the advanced features. The other drawback is the price, which is a definite premium over a standard hard drive or USB stick. But if you need the security of hardware encryption with the convenience of a drive that works on any system -- including phones in the case of the datAshur Pro -- then this is a reasonably well thought-out system that will protect confidential data in several ways. If you're buying in bulk, iStorage can even set up custom PINs and preload files onto the drives for you, making them a secure way to distribute data to staff.

PREVIOUS AND RELATED CONTENT

Western Digital unveils world's fastest UHS-I flash memory card
The new card offers a 50 percent performance boost.

Can Samsung's 31TB SSD challenge hard drives in the data center?
Hard drives are struggling to get to 14TB. Now Samsung is kicking sand - literally - into their faces with a new, 2.5-inch 31TB SSD. You and I will never buy one, but still, it's pretty amazing.

Microsoft's DNA storage breakthrough could pave way for exabyte drives
Scientists develop a more efficient way to find and selectively retrieve files stored on DNA.

The future of consumer storage: All the pieces, except one
Seeing all the new storage ideas at CES - and some storage problems of my own - makes me rethink consumer storage. We have all the pieces, except one. Here's what I see coming.

Why your company should stop neglecting data storage: 6 tips for getting organized (TechRepublic)
Storage is an often-overlooked area, but with the increase in big data, it's worth paying attention to.

Read more reviews

Top ZDNET Reviews