Storage Toolkit

USB drives: Useful tool or security nightmare?

Tags:
Security,
USB

Mike Mullins Tech Republic

Published: 18 May 2005 17:30 BST

But according to Microsoft, EFS can't encrypt a file on removable media, such as a CD, floppy, or flash drive. That means you'll have to rely on a third-party application to do the encrypting for you.

You could deploy an application that resides on the workstation or network to handle the encryption. However, this option defeats the purpose of being able to use these devices no matter where your users find it necessary.

A better solution is to purchase devices that include built-in security features. Several USB flash drive manufacturers offer drives with these features, and the additional cost is minimal when you compare it to the extra layer of security provided by these features.

The best secure USB flash drives feature Advanced Encryption Standard (AES) symmetric encryption. This is one of the newest government- and corporate-grade encryption standards, and its complexity is more than sufficient to protect your data.

From my experience, I recommend both the Lexar JumpDrive Secure USB Flash Drive and the Kingston DataTraveler Elite. Both drives perform excellently under a variety of conditions, and they offer exceptional protection for corporate data if a user loses the drive.

Different manufactures offer different key lengths or implementations. Choose a USB flash drive with proper encryption complexity that's comfortable for your users.

When deploying these devices, make sure you update the company security policy to address their use in the organisation. In addition, you might want to maintain a password database for the devices. Otherwise, if users forget their passwords, the cost of data recovery might not be equal to the corporate value of the data.

Mike Mullins has served as a database administrator and assistant network administrator for the US Secret Service. He is a network security administrator for the Defense Information Systems Agency.