USB Secure Flash Drive Product Review

The vast majority of today's workforce use USB memory sticks; they offer unequalled convenience for transferring data. In most situations, if the data is not confidential, a standard USB stick is quite acceptable, but what do you use if your data is sensitive?

There are many different types of secure portable devices on the market, targeting different security levels and users. Finding an acceptable level of security - choosing the appropriate device - will depend on your needs: a government organisation or high security business will be looking for sophisticated levels of protection, while the average user may simply want to be more secure transferring data via a USB device.

This review deals with products more suitable for the average user, someone who doesn't want to leave their personal data vulnerable. But it is still relevant to IT departments and managers who issue USB devices to employees - we've all had occasion to borrow a colleague's memory stick to transfer our files.

In this review, we look at six secure USB memory sticks to discover how suitable they are for an office environment, and some of the typical risks they should address.

Standards
Some USB sticks ship with built-in security policies, but these policies are not always validated by a recognised authority. The level of security may be quite acceptable, but it is probably a better option to prioritise products that comply with any of the more widely accepted standards. FIPS (Federal Information Processing Standard - USA) and AES (Advanced Encryption Standard) are two of the main ones. A product with security compliance to these standards will meet your needs. All the products discussed here comply with one of these encryption methods.

Security
Obviously, security is the most important factor in choosing a secure USB stick. So you'd be forgiven for assuming that files (stored or deleted) on a secure device were indeed secure. We undertook some very basic tests using just one freely available open source file recovery product to discover that secure is not always what we assume. The testing revealed some important weaknesses for some devices, while others provide a robust level of file protection.

How we tested
It is important to consider how these devices would be used in an office or home environment. In most offices it is common behaviour to lend USB sticks to colleagues. To interrogate weaknesses related to this behaviour we set up three simple tests.

Firstly, we created two MS Word documents: one that we opened from its location within the device under test (if possible), and a second that was copied to the device without being opened. Both files were then deleted and the device's password was changed. This mimics the possible behaviour of someone who has given their USB stick to another party. We then plugged the device in to a separate computer and scanned it without logging in to the device's security/password system. No trace of the deleted files should be detected. We wanted to see if files stored in, or even deleted from, the secure area of the device could be seen by anyone who simply picked up the device if, for instance, it had been dropped in the street. The hoped-for outcome of this test was that no files would be found, ensuring privacy.

For the second test we logged in (using the new password) and rescanned the device to see if we could recover the deleted files. Our aim here was to find out if deleting files from the secure area of the device really did delete them in a secure manner or in the same way as a normal file is deleted and thus easily recoverable once logged in.

The third and final test was to reset or format the device using the options provided in the device menu, and then rescan one last time. This should also remove any trace of the files. If you were planning on giving away your USB stick to a colleague, this method would be commonly used to ensure no data is left behind.
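The three scans described above can be scripted against a raw image of the device. The following is an added example, not code from the original review or from the recovery product it used: it checks each sector for Word document headers and for low-entropy (plaintext-looking) content. The 512-byte sector size, the 7.0 entropy threshold and both sample images are assumptions constructed for illustration.

```python
import hashlib
import math

SECTOR = 512  # assumed sector size; file contents start on sector boundaries
# Headers of the Word documents used in the tests (.doc and .docx).
SIGNATURES = {
    "doc (OLE2)": bytes.fromhex("D0CF11E0A1B11AE1"),
    "docx (ZIP)": b"PK\x03\x04",
}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; ciphertext sits close to 8.0."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)

def scan_image(image: bytes, min_entropy: float = 7.0) -> dict:
    """Report document headers and plaintext-looking sectors in a raw image."""
    found, plain = [], []
    for off in range(0, len(image), SECTOR):
        sector = image[off:off + SECTOR]
        found += [(off, name) for name, magic in SIGNATURES.items()
                  if sector.startswith(magic)]
        if entropy(sector) < min_entropy:
            plain.append(off)
    return {"signatures": found, "low_entropy_sectors": plain}

def constructed_images():
    """Constructed stand-ins for the locked (test 1) and logged-in (test 2) views."""
    # Eight sectors of pseudo-random bytes play the role of ciphertext.
    locked = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                      for i in range(8 * SECTOR // 32))
    # A deleted .doc whose directory entry is gone but whose content remains.
    deleted_doc = SIGNATURES["doc (OLE2)"] + b"Quarterly figures - confidential. " * 14
    unlocked = bytes(2 * SECTOR) + deleted_doc.ljust(SECTOR, b"\0") + bytes(SECTOR)
    return locked, unlocked

if __name__ == "__main__":
    for label, image in zip(("locked", "logged in, after delete"), constructed_images()):
        print(label, scan_image(image))
```

For the locked view both lists should be empty. For the logged-in view after a reset only the signature list is meaningful, since an empty filesystem is mostly low-entropy.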


Verbatim Secure 'n' Go

Overview
Verbatim's Secure 'n' Go USB stick feels really solid. Its rugged plastic casing gives the impression of being highly resistant to damage. The interface connection is also partly protected by a retractable cover, but the socket opening is still uncovered and so remains prone to intrusion by foreign debris.

Installation
When you first plug in the device it takes a while to come to life. We actually had to check to see if it had been inserted correctly. This delay was probably due to the slower initial detection speeds of secured devices, compared with the speed of standard USB sticks that we're more used to. On subsequent attempts it was detected straight away.

Setup is easy: you only have to enter a password, apply and finish. It then asks you to log in using your new password and the process is complete.

Password Strength
There is no password policy enforced on this device. There are also no password restrictions or warnings about weak passwords. The device allowed the simple and weak password "test" to be used. This could pose a problem if it is lost.

Encryption space
Like most of the other devices in this review, its advertised capacity is 4GB, although the actual available space for storage is 3.71GB.

Files
Add, Remove, Delete
Once you access the device, the mounted drive presents you with a standard Windows Explorer feature set. Navigating is familiar and easy.

Editing files
The device uses Windows Explorer, so editing files stored in the secure area is quick and easy. Changes can be made and saved without fuss.

Access
The device is fully encrypted so cannot be accessed without using the log-in application. Once logged in, the device mounts the storage area as a separate drive. To access this drive you have to navigate back to My Computer and select the F: drive (as it was presented on the test PC). It would have been preferable to see the storage area automatically launch on login.
Once logged in, you stay logged in to the secure area until you either exit using the system tray icon or remove the drive. Closing the window on this device does not lock the secure area.

Security
This device is fully encrypted. Our first test did not detect any files while the device was logged out.
Once logged in, the second test successfully located the deleted files (in exactly the same way as any other storage device).
Using the 'reset to factory defaults' function, the recovery software could not find any files.


Safe Stick

Overview
This is a slim device and, unlike others in this review, would be possible to use in closely located USB slots. This is a requirement that USB vendors and PC manufacturers often forget.
It could also be quite easy to lose the end-cap on this device, because it doesn't seem very secure.

Installation
As with most of these devices, installation is simple and straightforward. Windows installs the necessary drivers and you are in business.

Password Strength
The Safe Stick has one of the best password policies of the devices tested. It requires at least eight characters which must be a combination of upper and lower case, and include at least one digit. It won't allow you to confirm the password until the rule is met. Test1234 or Testing1 are examples of the minimum level of complexity. It also allows special characters (such as Testing1!) to make passwords more secure, but they are not mandatory.

Encryption space
This is one of the smallest devices under review at just 2GB. With the preloaded documents and vault area you have just 1.80GB storage area.


Files
Add, Remove, Delete

Like the other devices, the Safe Stick opens up in a standard Windows Explorer browser and allows you all the functionality you'd expect from Windows.

Edit
Because you are using the Windows environment, editing files on the device is straightforward. It's exactly the same as editing any other file on your PC.

Access
A great advantage of the Safe Stick is that once you enter your password, the secure file space is automatically opened so that you don't have to navigate back to My Computer to find it.
If you close the window you can still access it by clicking the icon in the system tray. This reopens the secure space but does not ask for any security details - it is treated as a normal drive once you are logged in. To secure the drive you have to choose the lock option in the device menu or remove the device from the port.

Security
This is a mountable device, so like the others in this review, our first test didn't detect any files.

Test two correctly revealed the deleted files.

The device has an easy-to-use 'reset to factory defaults' function, so test three was also unable to detect the files.


SanDisk Cruzer

Overview
This is the physically smallest device in the review. Fashionable people wouldn't mind being seen with this on their key ring.
The SanDisk Cruzer is the first of two products in this review that offer both secure and non-secure storage.

Installation
This is simple: Windows installs the necessary drivers and you are up and running.

Password Strength
The security policy on this device requires that you have at least six characters containing both letters and numbers. You are not forced to mix upper and lower cases, and it happily let us use test12 as a password.

Encryption space
The encrypted area does not show up in My Computer; it has its own application interface. The whole drive space is 4GB, of which you are offered 3.73GB of storage shared between secure and non-secure areas.

Files
Add, Remove, Delete

The SanDisk Cruzer interface gives you all the drag and drop, copy/paste features you'd expect, and it also has an add files button that allows you to browse your PC to select the required file locations.
We did notice that dragging a file from the non-secure area to the vault area would only copy. The original is left in the non-secure area and has to be deleted as a separate action.

Edit
Opening files in the vault area gives you read-only access. To edit files you must copy them back to your PC or the unsecure area of the memory stick. This could be a little annoying if you are in a rush.

Access
Access to the device is the same as any USB memory stick. This device allows both secure and non-secure storage. To access the secure functionality you have to select the dedicated application and log in.
If you close the vault window you can still access it using the icon in the system tray or the application icon from the non-secure folder. You will have to re-enter the password to gain access.

Security
This device looked good under test until we noted a minor flaw. During the scanning for test one we found the deleted file open in a folder called "to remove". We were able to recover this file and read its whole content. We repeated this test a further two times, and on these occasions we were not able to find any deleted files, so we have to conclude that it is a secure drive but may not be efficient with its garbage collection. No other files in the secure area were visible.

There is no obvious way to reset the device back to its default settings once it has been set up. It is easy to change the password, but if you were to upgrade and want to pass it on to another user, we would want to reformat it first.


Integral Secure 360

Overview
The first thing we found with this product was that it felt like it should be inserted upside down. The device has a swivel cover with the company logo on one side. Counter-intuitively, when you insert the device the logo has to face down. On some products this wouldn't be an issue, as the case would not allow this to happen, but this one doesn't really prevent it. Still, it will only fit one way.
It is another product that offers both secure and non-secure storage.

Installation
Again simple and straightforward: Windows installs the necessary drivers.

Password Strength
The device only requires that the password is six characters long. It does not enforce any combinations of upper or lower case letters or numbers, but it does support combinations of these and it also supports special characters.

Encryption space
The device is a roomy 8GB and shares this space between secure and non-secure areas. The actual space offered by the device was 7.45GB due to the software and user manuals onboard.

Files
Add, Remove, Delete

For the non-secure area you have the standard Windows Explorer functionality. For the secure area the application launches its own interface. You can use this in a number of ways: it has a tree structure on the left side of the screen and the secure folder on the right. You can drag and drop from your PC or from the application itself. Dragging files from the secure area copies files but does not move them. To delete files you can either right click and use the menu option or select and press the delete key - all quite standard.

Edit
Double clicking on a file in the secure area opens it and allows you to edit in situ. The updated file automatically saves as it would in a non-secure location.

Access
Because this is a dual purpose drive, you can access it as soon as it is inserted to the PC. The secure area is accessed via the application.
If you choose to close the application window you will have to log in again via the application to view it - it locks each time on closure.
