Although physical theft or accidental loss of the device still has the potential to create a major inconvenience, the self-deleting feature is a good defense against physical theft of the device. The mechanism allows the device to erase all the data stored on it in the event of repeated attempts to access the data using the wrong password, which provides a lot of peace of mind when a device containing sensitive data goes missing. The feature, however, does underline the need for frequent backups.
Beyond combating simple physical theft, properly armored USB devices can defeat attempts to beat their encryption through physical access to the chips. And devices that contain their own keys have the potential to defeat attempts to capture keys from system memory. Note that the operative word here is "potential." I have not had a chance to conduct a thorough review of these devices, and so I can't say that they implement their encryption schemes in a foolproof manner. That's why I recommend that enterprises investigate them further before adopting.
Some of these devices are also sold with an online component to enable secure communications and backup of data and keys, as well as provide malware protection. Again, this sounds like a sensible approach, but real-world implementations would need to be tested before betting the security of your enterprise's data on them. And, of course, these devices are no defense against a user who is prepared to be dishonest and sell your data to a competitor. For example, I don't see anything in the default configuration of these devices to stop a user handing the encrypted drive to a stranger who then plugs it into his or her laptop, enters the whispered password and copies the targeted data.
Implementing this technology in an enterprise may hit practical limits in the area of price and capacity. I just checked the space used by what I consider essential content on my laptop, and it takes up more than 40 GB. That number does not include my 30 GB MP3 collection, but does include a fairly large photo collection that I could conceivably exclude from "essential work files." That means a 32 GB flash drive might work for me, and encrypted drives of this capacity are now available, although you pay a premium for high capacity. On the other hand, my work these days includes some storage-intensive video editing, so I might not be a typical enterprise user. The bottom line is that prices of these devices will continue to fall over time and capacities will increase, so they may fall into line with enterprise economics at some point in the not-too-distant future. Conducting an in-house trial of the technology before then may be the smart thing to do.