Published: 10 Jan 2009
The GoldKey Secure USB Token works with Windows and Macintosh operating systems to provide a secure place to stash encryption keys for virtual disks. By keeping encryption keys on a small, removable USB token, GoldKey simplifies the task of locking away important information on laptops and encourages good security behaviors.
GoldKey takes on one of the most difficult tasks in hardware-supplemented encryption by providing a manageable hierarchy of master keys, group encryption keys, and the ability to duplicate tokens.
We had no problems in our tests of GoldKey USB on Windows and Mac laptops. Everything worked as advertised without any problems or bugs.
One of the main concerns about encrypted virtual hard drives is the impact on system performance. We tested a GoldKey encrypted virtual disk against one using the operating system's native encryption system (both Windows XP and Mac OS X), as well as a local laptop drive. On our ThinkPad laptop running Windows, the GoldKey disk was about 50 percent faster than a drive encrypted using Windows tools, and about the same speed as the local 7200 rpm laptop drive. On a MacBook Pro, GoldKey was 75 percent faster than the native OS X encryption, although about 60 percent slower than the local 7200 rpm laptop drive. Windows users should see little performance impact in modern laptops.
One of GoldKey's unique features is the ability to use group encryption keys as well as personal encryption keys. A virtual disk may be encrypted by one member of a team, with full access by other members in the same group. GoldKey provides a basic management tool that makes management of groups and group memberships easy.
GoldKey also supports master and grand master keys, as well as the ability to duplicate tokens. Together, these tools help eliminate one of the greatest fears of encrypted data: permanently losing the key. While GoldKey's mechanisms won't scale up to a Global 100 enterprise and don't integrate with the corporate directory, they are easy to use and simple enough for fairly large deployments.
However, be aware that GoldKey has no online access-control magic. You can't remotely revoke someone's privileges to read or write a volume, and if someone loses an encrypted volume and its token, and has written down the password to the token, whoever finds all three will have full access to the volume. GoldKey doesn't protect you against rogue employees, just forgetful ones.
While testing GoldKey, we kept hoping it would do more than it does, but it doesn't. Features such as auto-lock of laptop and encrypted drives when the token is removed are present, but they can't be centrally controlled or locked. Other common features, such as automatic timeout to require reauthentication, aren't available. While you can email around GoldKey-encrypted volumes, there is no real integration with any application other than the file system.
While GoldKey is far from a do-everything desktop security solution, it handles the problem of key management for encrypted volumes very well.
Testing methodology: We used MacBook Pro and IBM ThinkPad X61 laptops to test the GoldKey USB key. We encrypted volumes and used them for day-to-day operations for a week. In addition, we used simple benchmark tools to compare performance of GoldKey USB, native O/S hard drive and native encrypted file systems.