Although physical theft or accidental loss of the device still has the potential to create a major inconvenience,...
the self-deleting feature is a good defense against physical theft of the device. The mechanism allows the device to erase all the data stored on it in the event of repeated attempts to access the data using the wrong password, which provides a lot of peace of mind when a device containing sensitive data goes missing. The feature, however, does underline the need for frequent backups.
Beyond combating simple physical theft, properly armored USB devices can defeat attempts to beat their encryption through physical access to the chips. And devices that contain their own keys have the potential to defeat attempts to capture keys from system memory. Note that the operative word here is "potential." I have not had a chance to conduct a thorough review of these devices, and so I can't say that they implement their encryption schemes in a foolproof manner. That's why I recommend that enterprises investigate them further before adopting.
Some of these devices are also sold with an online component to enable secure communications and backup of data and keys, as well as provide malware protection. Again, this sounds like a sensible approach, but real-world implementations would need to be tested before betting the security of your enterprise's data on them. And, of course, these devices are no defense against a user who is prepared to be dishonest and sell your data to a competitor. For example, I don't see anything in the default configuration of these devices to stop a user handing the encrypted drive to a stranger who then plugs it into his or her laptop, enters the whispered password and copies the targeted data.
Implementing this technology in an enterprise may hit practical limits in the area of price and capacity. I just checked the space used by what I consider essential content on my laptop, and it takes up more than 40 GB. That number does not include my 30 GB MP3 collection, but does include a fairly large photo collection that I could conceivably exclude from "essential work files." That means a 32 GB flash drive might work for me, and encrypted drives of this capacity are now available, although you pay a premium for high capacity. On the other hand, my work these days includes some storage-intensive video editing, so I might not be a typical enterprise user. The bottom line is that prices of these devices will continue to fall over time and capacities will increase, so they may fall into line with enterprise economics at some point in the not-too-distant future. Conducting an in-house trial of the technology before then may be the smart thing to do.
Related Q&A from Michael Cobb
Expert Michael Cobb explains how an HTTP referer header affects user privacy and outlines changes that can be made to ensure sensitive data is not ...continue reading
Expert Michael Cobb explains the difference between the REESSE3+ and IDEA block ciphers and explores when each is applicable in an enterprise setting.continue reading
While cookies are critical to delivering personalized Web content, they are a privacy concern. Learn how adding Bloom filters to cookies can help ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.