As you would expect, hardware with built-in self-encryption costs more than standard non-encrypting hardware. That said, the software-free design does allow you to use self-encrypting hardware without taking a specific OS into account. Moreover, these devices stymie brute-force attacks by deleting the on-board decryption key after a predetermined number of errors, rendering the remaining data nothing more than gibberish.
Businesses should know that not all self-encrypting hardware implementations are created equal. Some hardware encryption devices have been found to implement unreliable "pseudo encryption" or perform flawed password checking. There's often no easy way to separate fake products from the real McCoy, unfortunately, though it's safe to say that buying hardware at an overnight flea market or from a seller of unknown reputation on eBay is unlikely to be a wise choice.
Mixing Encryption Hardware and Software May Be Best Medicine
Finally, numerous business-centric products use a mixture of proprietary encryption hardware and custom software. One, the Defender series of encrypted flash drives from Kanguru Solutions, is designed for use in both small businesses and enterprises.
As with the self-encrypting hardware mentioned above, data stored on Defender USB flash drives is automatically encrypted with 256-bit AES encryption. Instead of relying on a keypad, though, the Kanguru Defender uses a software client loaded on an unencrypted portion of the drive to request the user password. This is passed to the USB drive for on-device password matching, making it impossible to bypass the authentication process.
The software client serves a dual role, too, synchronizing with a backend server for the latest device policies such as password expiration, maximum number of password attempts and minimum password complexity. Policies that provide access to the Defender USB flash drive in the absence of Internet connectivity can also be configured.
Encryption Strategy Not Always Ready to Wear
Device encryption, like all password-protected technology, comes with the unavoidable risk of users forgetting their passwords. In some cases, proper recovery-key management or a password-management tool can mitigate this. Along these lines, make sure the encrypted data is never the sole copy of the information and that a secure backup is available elsewhere.
There's no doubt that the technology to secure portable storage devices already exists, though ease of use and cost can vary widely. BitLocker To Go is easy to implement, but it isn't suitable for mixed operating system environments. Self-encryption hardware may be more convenient and versatile, but it often comes at a steep per-device premium. Ultimately, businesses must explore the options carefully to determine the best solution for their needs, but the key is to not leave portable storage devices unprotected.