Ask an Expert
Planning the right solution requires an understanding of your project’s security goals. Let Kingston’s experts guide you.
Ask an ExpertDaniel Döring is Managing Director of EgoMind and is responsible for the operational business of the German software development provider. He is also Managing Director at smart2success GmbH where he oversees product development, information technology, and technology partnerships at the risk/project/change management provider. He draws on his experience and knowledge in IT security and software development, among other things, which he has gained since 2004.
Previously, he was responsible for the development and expansion of the product portfolio, support, pre-sales, consulting, academy, and technology partnerships at the IT security manufacturer EgoSecure.
USB storage drives continue to be widely used, especially in the era of remote work. Employees value having access to their data anytime, anywhere. Despite the availability of cloud storage and collaboration tools, the reliance on external data storage remains significant and necessary. People often feel more secure when their sensitive data is stored on devices under their control and within close physical reach. However, these external storage devices are sometimes lost or stolen, posing a risk of data breach. Therefore, it is crucial to always encrypt data stored on these storage devices.
Compared to their software encrypted counterparts, hardware based encrypted drives, like IronKey, offer many benefits such as faster read/write speeds, and low usage overhead due to inherent encryption functionality which does not require any encryption/decryption software to be installed on a host system to access the drive’s data.
Are hardware encrypted USB drives secure? The most common commercial encryption technology is AES 256-bit, which is considered secure based upon NIST which invented the AES encryption that is widely used. Ordinary users cannot bypass this encryption, and even hackers or targeted attackers typically do not invest the effort to crack the actual encrypted cyphertext. Instead, attackers are more likely to exploit vulnerabilities in user behaviour through social engineering attacks or security implementation of storage drives.
User vulnerabilities can include weak or guessable passwords caused by user fatigue of managing too many complex passwords, and worst of all, some security vulnerabilities can often exist within applications or drives. During use, attackers may attempt to spy on passwords during input or electronically attempt to manipulate the drive authentication process to gain access to the encrypted data.
This creates a problem for users of such drives – how can one know that the manufacturer can be trusted for implementing proper safeguards and security to ensure the protection of data against hackers and attackers who may find the specific drive or worse, have stolen it.
To ensure the security of the leading enterprise grade IronKey Vault Privacy 50 series, Kingston Technology had penetration tests performed by third-party experts who simulated hacking attempts to identify and address vulnerabilities rather than exploit them for criminal purposes. Pen testing is one of the best tools in cybersecurity to provide confidence in a device or software and ensure that the product’s security design is robust.
Enhanced data security:
Hardware encryption ensures that the data stored on the VP50 series drives is protected at rest and in transit. It uses a dedicated secure microprocessor embedded in the drive, making it resistant to software-based attacks as well as password guessing – this is known as BadUSB where the drive keeps track of invalid passwords and ultimately crypto-erases its contents to prevent access to the data. This added layer of security reduces the risk of unauthorised access and data breaches.
Ease of use:
Hardware encrypted VP50 drives are user-friendly. They include built-in secure software authentication that runs without needing installation on a system making it convenient for users to unlock and access their encrypted data. This eliminates the need for complex encryption setups usually required with software encryption, simplifying the data protection process. As a result, the ease of using hardware encrypted drives ensures that employees will be less likely to turn to insecure workarounds.
Compliance with security standards:
Many industries and organisations have specific security and compliance requirements such as GDPR which requires strong encryption of data. Hardware encrypted IronKey drives often meet or exceed these standards, which includes FIPS 197 certified AES-256 bit encryption in XTS mode. FIPS 197 is a lab-tested certification that verifies that the encryption is properly implemented as designed by NIST.
Protection from malware:
Hardware encryption completely occurs within the USB drive itself, meaning that encryption keys never leave the drive and are not exposed to the attached computer’s memory where it can be snooped, retrieved from swap or hibernation files and discovered. This protects the drive’s data from malware that may be present on the host system trying to intercept the encryption keys.
Increased performance:
Hardware encryption is faster than software encryption methods, as it offloads the encryption and decryption tasks to the dedicated secure microprocessor within the USB drive. This results in faster data transfers and improved overall performance compared to software-based encryption solutions, which use host PC resources.
Trusted vendor:
The key benefit of successfully passing pen testing by an independent third-party is to assure customers that the drive is engineered to high security standards and can be trusted as a data protection device.
It is important to note that while pen-tested hardware encrypted USB drives provide significant security advantages, they should still be used in conjunction with other security measures, such as strong passwords, regular data backups, and secure data handling practices, to ensure comprehensive data protection. In addition, enterprises need to implement good data security hygiene so all employees follow guidelines to properly safeguard sensitive information.
The established professional penetration testing team from SySS GmbH in Germany subjected Kingston Ironkey Vault Privacy 50 series (Type-A & Type-C®) drives to penetration tests, specifically focusing on user authentication and key handling within the user software.
The penetration testing was successfully completed without discovering any vulnerabilities, leading to Kingston IronKey receiving an Approved Security certificate from SySS GmbH.
With a longstanding reputation and strong trust, Kingston IronKey leads the way in hardware encrypted USB drives providing customised support tailored to your business requirements. Their exceptional "Ask an Expert" team ensures personalised advice that precisely aligns with your environment and unique needs.
#KingstonIsWithYou #KingstonIronKey
Planning the right solution requires an understanding of your project’s security goals. Let Kingston’s experts guide you.
Ask an ExpertRemembering to backup frequently can evade even the most experienced tech enthusiast. We’ll cover some simple tricks to ensure you can easily backup regularly.
For creatives that produce content for high-profile clients, encrypted storage can secure your important files and help you fulfil your security responsibilities.
There are two main types of encryption - software encryption and hardware encryption.
How to maximise your online security by taking steps to protect your presence.
Encrypted USB flash drives keep your private data safe but how do they work?