Encrypted Hard Drives, Who Uses Them, and Why

As data protection concerns rise and compliance regulation increases, the use of encrypted hard drives elevates right along with them. We’ve all seen them, and maybe you even use one. But why? 

In an age of hyperconnectedness and mass cloud storage, are these little hardware devices old school technology? Most assuredly, they are not.

At Brilliance Security Magazine, we are regularly approached by hardware and software providers and entreated to take a look at their solution and write about it. Encrypted hard drives are no exception. There are several on the market, so when we were afforded the opportunity to sit down with Sunil Mohinani, IT Manager for DataLocker, at the recent RSA Conference, we were delighted. 

In addition to understanding the various types of encrypted hard drives available on the market today and their capabilities, we wanted to learn who uses these devices and why. 

There are two basic types of encrypted mobile devices. There are hard drives and flash drives. Each of these can be either PIN pad equipped or non-PIN pad. As you might expect, there are many combinations of the various types and features, but at a high level, non-PIN pad devices are for stand-alone use and require no software or drivers on the computer to which they are connected. Just enter the correct PIN, and you have access to the data on the device. These are OS agnostic devices. 

This lack of dependence on a specific OS is helpful if the device is to be used with a Chromebook, an ATM, or some other computerized equipment not running Windows or Mac OS. 

Some of the key features you should expect to find, at least on the DataLocker PIN pad devices include:

  • No software or drivers
  • Supports alpha and numeric based passwords, plus the # and * characters
  • AES 256-bit XTS mode encryption.
  • Self destruct security mode (mitigate brute force hacking)
  • Keypad randomization (mitigate surface analysis)
  • Super-speed USB 3.0 interface (compatible with USB 2.0)
  • Rapid, secure wipe (rapid key zeroization)
  • Supports an administrator password (full permissions) and a user password (limited permissions)
  • Removable silicone protective guard

Non-PIN pad equipped devices, on the other hand, require management software to gain access and provide a host of other management features. They shine when the organization needs more flexibility regarding who uses the device, where and when it can be used, and the ability to restore passwords or wipe data from the device. 

DataLocker’s management software is called SafeConsole. SafeConsole allows the user’s administrators to gain complete and granular control over all of the encrypted USB flash drives and portable hard drives owned by the enterprise.

SafeConsole allows admins to enforce policies such as password rules, file-type restrictions, or geographic boundaries. They can reset passwords, switch devices to read-only more, and remotely wipe them if they are lost or stolen. 

View the short video below to gain a better understanding of DataLocker’s SafeConsole management tool. 

Sunil explained to us that there are essentially five vertical markets that typically use these encrypted mobile devices. These are Government & Military, Finance, Energy, Legal, and Healthcare. He said, “Each of these vertical markets have a responsibility to protect sensitive data. They have compliance and legal restrictions around how their data is handled. There are often audit requirements, as well.” 

He acknowledged that not all data for general business or personal use requires the level of protection provided by these devices. Still, more and more users are finding that the simplest and most effective way to manage their critical sensitive data is to keep it locked down with hardware encryption. He said, ” It’s simple, and it’s safe. That’s what many users are looking for.”

From a convenience perspective, we were struck with the idea of using these devices instead of packing a laptop computer when traveling. The use of a PIN pad enabled device would make a commonly shared computer in a library, hotel, or customer’s site, for example, safe for accessing encrypted data on the device. 

Steven Bowcut is an award-winning journalist covering cyber and physical security. He is an editor and writer for Brilliance Security Magazine as well as other security and non-security online publications. Follow and connect with Steve on Twitter, Instagram, and LinkedIn.