USB flash drives have been on the market for over a decade and are popular as a means of safely storing data in an effective, secure medium. As businesses increase their demand for flash drives, these drives are increasing their data storage and security capabilities exponentially.
The great thing about flash storage devices is that data can be easily stored on the device, moved to a different computer and then offloaded from the device. While this may seem to be a very insecure method of transferring data, the truth is that it is really one of the most secure.
There are a few ways in which flash storage can be used to improve your security. One of the easiest ways is through data encryption, which allows you to encrypt data on the fly while storing it to the flash device. In this way, if the flash device somehow falls into the wrong hands, there is no way that anyone can actually access this data, without having the decryption keys.
Another way to secure a flash drive is through a program that automatically runs when the unit is plugged into a PC’s USB port. The software resides on a separate partition that emulates a CD, so that the computer is tricked into thinking that the user have inserted a CD. In this manner, any number of security features can be emulated to allow total security from possible theft of data, even to the point that the software automatically wipes the USB or overwrites the data in the case of an unauthorized user. This type of functionality cannot be provided by a software system as encrypted data can usually be easily copied from the drive. Be advised, however, that this form of hardware security can result in data loss if activated accidentally by legitimate users. As the encryption keys used in hardware encryption are usually not stored in the computer’s memory, hardware solutions are less subject to “cold boot” attacks.
Programs from CMS Vault (which provides access to an encryption program on the CD emulation partition) to IronKey Person S200, which automatically runs a control panel requiring password and/or other security information before the data can be accessed, are readily available for use with most flash storage devices.
Some USB drives actually contain microchips within the USB drive which can provide on-the-fly encryption. Others require a PIN to be entered into a physical keypad. These types of built in security can be quite costly, presently, but the prices are continuing to drop, and the comparative value compared to standard encryption techniques are making these methods more and more affordable.
One of the easiest and most cost-effective means of securing your company’s data on flash devices is through a zip program such as 7-Zip which is actually free and contains its own high level encryption software. However, this method is not encouraged for high-level security needs such as government institutions or in companies dealing with data that requires extensive security, such as banks and credit institutions.
Hackers and professional security analysts are constantly testing security the security of encrypted flash drives flash drives and several have been compromised. However, it should be noted that those flash devices that have been compromised have been fixed almost immediately. These devices include:
– SanDisk Cruzer Enterprise
– Kingston DataTraveler BlackBox
– Verbatim Corporate Secure USB Flash Drive
– Trek Technology ThumbDrive CRYPTO
All of the above companies reacted immediately to the threat by releasing patches. Kingston offered replacement drives which used a completely different security architecture.
USB flash drives have come quite a ways from the first flash sticks with little to no security. These days, you can safely transport more data in a much more secure environment for much less cost than you could a decade ago. While there are still security threats inherent with any kind of storage of data, manufacturers of flash storage devices have risen to meet most (if not all) security threats and are continuing to find ways to increase not only the amount of storage of the devices but also the level of security available to businesses. With a little research, your company could very well save money while increasing security by adopting a flash storage policy.