I have got a new toy, and its cool. An Encrypted Portal Hard-disk that can only be accessed if you know the pin, which you must type in to the number pad on the front of the drive.
I have a new contract with a local government client, where I am creating a new database for at risk individuals. They take user data protection pretty seriously and required that all documents I took off premises is protected, that includes providing protection in the case of losing my laptop, USB Stick or portable drive. They, as well as all UK government organisations, are under pressure from the Information Commissioner to provide assurance that customer data is protected.
On day one of my contract I had to sit through mandatory data protection training and was required to put together a plan on how I protect the data that fell under my control, or that I had access to. This plan had to approved by the internal data controller and validated against his data protection policy.
What was I to do? Easy, encrypted portal hard disk, everything is saved to this disk, that is not stored on the network. I researched the options, and there are a few out there, but the biggest issue for this type of solution is if the encryption standard would meet the data protection policy standard. The standard required 256bit FIPS certified encryption as a minimum, which not all products do; and a way to ensure that the encryption key was protected and/or destroyed if the encrypted storage was lost or stolen, this was a bigger challenge to find with the solutions in the market.
The team at iStorage UK provide a number of solutions, the Solid State Drive version which comes with FIPS 140-2 certification and the cheaper non-SSD disk which comes with hardware based FIPS PUB 197 Validated Encryption Algorithm. I checked with the data controller, he was happy with either, so I went for the cheaper version, although I did go for the two terabyte version, which is more encrypted data I will ever need.
Being hardware encryption the setup was a breeze, I plugged it in to my USB port, the computer automatically recognized a new external drive had been attached, you type in the pin (default was 123456) and hit the unlock button, wala, you have access to all your drive. It works just like a normal disk, you drag and drop files or copy and paste files to the drive or directory and unbeknownst to you your data is automatically encrypted and protected with Real-time military grade XTS-AES 256-bit hardware encryption.
If you lose your drive all data is encrypted and can not be accessed unless you know the pin, which is between 6 and 16 characters long. If someone tries to brute force the pin code the drive locks itself after a few failed attempts to guess the pin, which then requires you to unplug the drive and plug it back in before you can attempt more guesses. This stop automated software attempts at brute force, as it would require someone to sit there and keep unplugging the drive and re-plugging the drive back in to attempt another round of pin guesses.
Once you have attempted bad pin guesses above the administrator set threshold the drive assumes it is being attacked and destroys the encryption key and lock itself, making it impossible to recover the data.
Another cool feature is that it allows you to define a self destruct code, which as the name suggests, will destroy the encryption keys if you type in the destruct pin instead of the unlock pin, you know, in case “the man” is trying to force you to access your data.
If you take your disk to another PC, all you need to do is plug it in and type in your access code and you have full access to your data. This product is an example of “Keep It Simple Stupid”, easy to use, but significantly increases your data protection by utilizing military grade encryption.
I would give diskAshur a solid 5 stars! Nice job boys. Oh, and you can buy one here.
And if you just want to protect your personal photos (of you and the girlfriend/boyfriend) then they do USB sticks also, you can buy one here.