USB Data Security

      How to improve your USB data security

At this year's CES Samsung showed off its 2TB T3 portable SSD drive (following on from the T1). This solid state drive with its massive storage capability, fast read/write speeds and form factor that is smaller than the average business card (weighing just 51 grams), means that mass storage just became even more portable.

Having the ability to store this quantity of data presents a major benefit for all businesses, but also a challenge when it comes to data security. With easy storage and portability comes a responsibility to ensure sensitive business data that can be placed on portable devices like the T3 is safe and secure.

Thankfully the T3 comes with AES 256-bit hardware encryption that is compatible with all major operating systems. Unfortunately, many businesses still fail to have a robust data security management system in place that ensures protocols are followed to protect sensitive information.

As there are a number of USB devices out there with differing levels of protection, the question is which one of these devices should your business trust with its precious data? The main suppliers to pay attention to are:

* Kingston Digital (Iron Key Products)
* Verbatim
* SanDisk
* Kanguru

All of these vendors offer a range of USB storage drives with varying levels of storage capacity and data encryption. The latest Data Traveller 2000 drive from Kingston features 256-bit encryption and a keypad for a PIN number (pictured top), which includes technology licensed from ClevX that offers high levels of virus protection.


Protecting data
For businesses there are basically three ways to protect the data that is stored and transported on a USB drive or portable hard drive.

1. Encrypt the data before storage
The first line of defence is to encrypt data before it is saved to the USB device. Systems such as Privacy Drive and Kruptos 2 are desktop services which do this.

This adds a responsibility to use the application to encrypt the data, and of course the application needs to be installed on all devices that the USB drive could be used with in order to decipher the data when it needs to be read. However, this can give your business peace of mind when sensitive data needs to be transported.

2. Encrypt data on the USB drive
The vast majority of the secure USB drives available will have encryption services built in. When the drive is used and data copied to it, the encryption automatically takes place.

This ensures a level of security for your data is always present, but this doesn't protect against malware, for example, which is notorious for using USB drives to spread to other PCs. Your business should have scanning software which automatically checks any external devices that connect to your business network for viruses or malware.

3. Encryption with hardware
Using a hardware solution to protect the data stored on the USB drive is also possible. In the past fingerprint scanning devices have been built into the drives, but today these have largely disappeared in favour of a keypad for a PIN number. As already mentioned, the leader here is the Data Traveller 2000 from Kingston.

Six key stepsWhere USB drives are concerned, your security policy should include the following steps:

1. That no personal drives should be connected to any of your business computer systems or network, as this could infect your systems with viruses or malware.

2. Only USB drives secured from your IT department should be used. These should all be tracked to ensure your business knows at any given time who is using which drive and for what purpose.

3. All data that is transferred to a USB drive should be encrypted to 256-bit AES standards. Ensure that the encryption process is automatic to avoid this being forgotten and the copied data becoming vulnerable. Also, use hardware encryption and not just software encryption to give maximum protection. 

4. Data that is transferred to a USB drive should be backed up to ensure that if lost or damaged, the copied data can be recovered.

5. Drives should have the ability to be remotely terminated. This allows your IT department to disable a USB drive that is, for instance, still in the possession of an ex-employee. Data can also be time-expired to ensure it can't be copied back to your network storage.

6. If a large number of USB drives will be in use, look for a vendor that offers a central control panel. This allows your IT department to update encryption, passwords and other authorizations remotely.
For business users the USB device in all its forms has provided a cheap and convenient way to store and transport data. However, in a world where cyber-security should be on every company's agenda, ensuring these devices are used securely and are protected from infection from viruses and other malicious code is vital to your business.