Encryption Is Key when Using Removable Drives


Jun 1st, 2018

By Ruben Lugo

Cyber security risk is among the greatest dangers facing utility companies. A significant component of such risk is the use of USB drives. While they have revolutionized data transfers, they have also introduced grave security concerns. With their extreme portability, USB drives can turn up anywhere and everywhere—from jacket pockets to parking lots—putting data at risk.

Bring Your Own Device (BYOD), where companies and organizations give their workers the option to use USB drives not authorized by the company, is a related concern for security officials. However, all it takes is one unencrypted USB drive to negate the millions of dollars spent on cyber security.

USB drives have proven their value for companies of all sizes in many important ways. They have delivered tangible benefits as file-sharing and mobility tools, as backup drives and much more.

USB drive capacities range from 256MB to 2TB. Their portability and the ease with which they can be connected to various networks make them susceptible to being lost and breached. That leads to the possibility of critical, important, classified or sensitive data landing in the wrong hands.

It is critical that utility companies have policies and practices that govern how such data is protected. Workers—whether in an office or in the field, full-time employees or third-party contractors, executives or clerks—must know and follow these policies and practices to avoid loss of data, compromised data, or malicious virus and malware attacks.

Blocking or prohibiting employees from all USB ports sounds like an easy solution, but it may also restrict their productivity and lower their work efficiency. So, how can utility organizations deal with these risks without completely forbidding USB-drive usage and forfeiting all of its conveniences?

To combat the disadvantages of using standard unencrypted consumer USB drives for storing and moving business data, companies, such as Kingston Technology, have introduced a range of encrypted USB drives. These encrypted USB drives have helped businesses large and small transport their mobile data securely and confidently.

Encrypted Drives

Encrypted USB flash drives are an essential pillar of a comprehensive data loss prevention (DLP) strategy. According to security experts, companies and organizations must insist employees use only encrypted USB drives, which combine the productivity advantages of allowing USB access with protection of the information on the drive. Encrypted USB drives are designed to protect even the most sensitive data using the strictest security regulations and protocols. Encryption of USB drives can be performed in two different ways, using either hardware or software.

Encrypted USB drives are powerful tools in closing security gaps. They help ensure security and compliance by offering:

• Anti-virus protection,

• Complex password protection,

• Ability to be managed remotely,

• Tamper-evident technology, and

• Wide capacity range.

Hardware-based Encryption

The most effective encrypted USB flash drives are the ones where the security is implemented in the device’s hardware to combat ever-evolving threats.

A USB drive with hardware-based encryption is an excellent, simple solution to protect data from breaches or data loss events, while also meeting evolving governmental regulations. Priced between $40 and $600, depending on capacity, they offer a solution for applications throughout the utility industry. Such devices meet industry security standards and offer peace of mind in portable data protection to confidently manage threats and reduce risks.

Hardware-based encrypted USB drives are self-contained and don’t require a software element on the host computer. Having no software component to exploit eliminates the possibility of brute-force, sniffing and memory hash attacks.

In addition, they have digitally signed firmware that cannot be altered as well as a physical layer of protection. Some of these drives come in epoxy-dipped/filled cases that prevent access to the physical memory. In contrast, a USB drive with software encryption uses software that runs on the host computer and is vulnerable to attacks.

Hardware-based encrypted USB drives, such as the Kingston IronKey D300, use AES 256-bit encryption in XTS mode. This better ensures that anyone who finds such a drive cannot access the information, because the drive wipes itself clean after 10 password-guessing attempts.

A hardware-centric/software-free encryption approach to data security is the best defense against data loss because it eliminates the most commonly used attack routes. This same software-free method also provides complete cross-platform compatibility with any OS or embedded equipment possessing a USB port and file storage system.

Hardware-based vs. Software-based Encryption

Hardware-based encryption:

• The processor that handles encryption/decryption is located on the drive, and all of that work is done there. The processor contains a random number generator to generate an encryption key, which the user’s password will unlock;

• Increases USB drive performance by off-loading encryption from the host system;

• Safeguards keys and critical security parameters within crypto-hardware;

• Authentication takes place on the drive and not the host system;

• Cost-effective in medium and larger application environments, easily scalable;

• Encryption is tied to a specific device, so encryption is “always on”;

• Does not require any type of driver installation or software installation on host PC; and

• Protects against the most common attacks, such as cold boot attacks, malicious code and brute-force attacks (certain models of encrypted USB drives also have anti-virus capabilities).

Software-based encryption:

• Shares computer’s resources to encrypt data with other programs on the computer—only as safe as your computer;

• Utilizes the user’s password as the encryption key that scrambles data;

• Can require software updates;

• Susceptible to brute-force attacks: the computer tries to limit the number of decryption attempts, but hackers can access the computer’s memory and reset the attempt counter;

• Cost-effective in small application environments; and

• Can be implemented on all types of media.
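
The comparison above describes a random key generated on the drive, unlocked by the user's password, with authentication and the attempt limit kept on the drive itself. The Python model below is an added example, not code from the article or from any Kingston product, and it simulates that design. The class and function names are hypothetical, the XOR wrap stands in for the AES key wrap a real controller would use, and the wipe is assumed to work by destroying the stored key.

```python
import hashlib, hmac, os

MAX_ATTEMPTS = 10  # wipe threshold cited in the article

def _kek(password: str, salt: bytes) -> bytes:
    # Key-encryption key derived from the password (iteration count is a constructed value).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _xor(a: bytes, b: bytes) -> bytes:
    # Stand-in for AES key wrap so the model needs only the standard library.
    return bytes(x ^ y for x, y in zip(a, b))

class ModelDrive:
    """Toy model of the drive controller; state here never reaches the host."""
    def __init__(self, password: str):
        self._salt = os.urandom(16)
        dek = os.urandom(32)                # random data key, not the password itself
        kek = _kek(password, self._salt)
        self._wrapped = _xor(dek, kek)      # data key is stored only in wrapped form
        self._check = hmac.new(kek, b"unlock-check", "sha256").digest()
        self._failures = 0                  # counter lives on the drive, not in host memory
        self.wiped = False

    def unlock(self, password: str):
        """Return the data key on success, None on failure or after a wipe."""
        if self.wiped:
            return None
        kek = _kek(password, self._salt)
        tag = hmac.new(kek, b"unlock-check", "sha256").digest()
        if hmac.compare_digest(tag, self._check):
            self._failures = 0              # assumption: success resets the counter
            return _xor(self._wrapped, kek)
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            # Assumed wipe mechanism: destroy the key so stored ciphertext is unrecoverable.
            self._wrapped = self._check = None
            self.wiped = True
        return None

def attempts_accepted(drive, guesses):
    """Feed guesses to the drive; return how many it processed before stopping."""
    used = 0
    for g in guesses:
        if drive.wiped:
            break
        used += 1
        if drive.unlock(g) is not None:
            break
    return used
```

Because the password only unwraps the data key, changing it would not require re-encrypting the stored data, and after the wipe even the correct password returns nothing.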

Don’t ignore the serious risk of unencrypted USB drives. Keep data safe and out of the hands of people that want to harm your company, your workers, the country and fellow citizens. Insist that your utility uses encrypted USB drives.

Kingston Digital Inc. (KDI), with more than 30 years of experience, is the Flash memory affiliate of Kingston Technology Company Inc., an independent manufacturer of memory products. For more information, please visit www.kingston.com or call 800-337-8410.

About the author: Ruben Lugo is strategic product marketing manager of Kingston Technology.
