USB Secure Flash Drive Product Review

A vast majority of today’s workforce use USB memory sticks; they offer unequalled convenience for transferring data. In most situations, if the data is not confidential, a standard USB stick is quite acceptable, but what do you use if your data is sensitive?

There are many different types of secure portable devices on the market, aimed at different security levels and users. Finding an acceptable level of security, and choosing the appropriate device, will depend on your needs: a government organisation or high security business will be looking for sophisticated levels of protection, while the average user may simply want to be more secure transferring data via a USB device.

This review deals with products more suitable for the average user, someone who doesn’t want to leave their personal data vulnerable. But it is still relevant to IT departments and managers who issue USB devices to employees - we’ve all had occasion to borrow a colleague’s memory stick to transfer our files.

In this review, we look at six secure USB memory sticks to discover how suitable they are for an office environment, and some of the typical risks they should address.

Some USB sticks ship with built-in security policies, but these policies are not always validated by a recognised authority. The level of security may be quite acceptable, but it is probably a better option to prioritise products that comply with any of the more widely accepted standards. FIPS (Federal Information Processing Standard - USA) and AES (Advanced Encryption Standard) are two of the main ones. A product that complies with these standards will meet your needs. All the products discussed here comply with one of these encryption methods.

Obviously, security is the most important factor in choosing a secure USB stick. So you’d be forgiven for assuming that files (stored or deleted) on a secure device were indeed secure. We undertook some very basic tests using just one freely available open source file recovery product to discover that secure is not always what we assume. The testing revealed some important weaknesses for some devices, while others provide a robust level of file protection.

How we tested
It is important to consider how these devices would be used in an office or home environment. In most offices it is common behaviour to lend USB sticks to colleagues. To interrogate weaknesses related to this behaviour we set up three simple tests.

Firstly, we created two MS Word documents: one that we opened from its location within the device under test (if possible), and a second that was copied to the device without being opened. Both files were then deleted and the device’s password was changed. This mimics the possible behaviour of someone who has given their USB stick to another party. We then plugged the device into a separate computer and scanned it without logging in to the device’s security/password system. No trace of the deleted files should be detected. We wanted to see if files stored in, or even deleted from, the secure area of the device could be seen by anyone who simply picked up the device, for instance if it had been dropped in the street. The hoped-for outcome of this test was that no files would be found, ensuring privacy.

For the second test we logged in (using the new password) and rescanned the device to see if we could recover the deleted files. Our aim here was to find out whether deleting files from the secure area of the device really did delete them in a secure manner, or in the same way as a normal file is deleted and thus easily recoverable once logged in.

The third and final test was to reset or format the device using the options provided in the device menu, and then rescan one last time. This should also remove any trace of the files. If you were planning on giving away your USB stick to a colleague, this method would be commonly used to ensure no data is left behind.
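A scripted version of the first test, added here as an example (it is not the reviewers' tooling, which the article identifies only as a freely available open source file recovery product): it scans a raw image taken from the device without logging in, looking for sector-aligned Word file headers and for sectors whose entropy is too low to be ciphertext. The sample images, the 7.0 bits-per-byte threshold and all function names are constructed for illustration, and the image is assumed to cover only the protected area.

```python
import hashlib
import math
from collections import Counter

SECTOR = 512
# Headers a file-recovery tool keys on: Word files are OLE2 (.doc) or ZIP (.docx).
SIGNATURES = {
    "doc (OLE2)": bytes.fromhex("d0cf11e0a1b11ae1"),
    "docx (ZIP)": b"PK\x03\x04",
}

def entropy(block):
    """Shannon entropy of a byte block, in bits per byte (0 to 8)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def find_signatures(image):
    """Offsets of sector-aligned file headers (files start on sector boundaries)."""
    return [(off, kind)
            for off in range(0, len(image), SECTOR)
            for kind, magic in SIGNATURES.items()
            if image.startswith(magic, off)]

def audit(image, threshold=7.0):
    """Test 1 passes only if no headers and no plaintext-looking sectors remain."""
    hits = find_signatures(image)
    low = [off for off in range(0, len(image), SECTOR)
           if entropy(image[off:off + SECTOR]) < threshold]
    return {"signatures": hits, "low_entropy": low, "passed": not hits and not low}

def constructed_ciphertext(sectors):
    """Constructed stand-in for an encrypted region: deterministic hash output."""
    return b"".join(hashlib.sha256(b"sample" + i.to_bytes(4, "big")).digest()
                    for i in range(sectors * SECTOR // 32))

# Constructed image 1: every sector looks like ciphertext.
clean = constructed_ciphertext(64)
# Constructed image 2: a deleted .doc header and a sector of its text survive.
leaky = bytearray(clean)
leaky[10 * SECTOR:10 * SECTOR + 8] = SIGNATURES["doc (OLE2)"]
leaky[11 * SECTOR:12 * SECTOR] = b"Quarterly payroll draft".ljust(SECTOR, b" ")
leaky = bytes(leaky)

if __name__ == "__main__":
    for name, img in (("clean", clean), ("leaky", leaky)):
        print(name, audit(img))
```

Many secure sticks also expose an unencrypted partition holding the login application; its sectors would legitimately score low and should be excluded before running a check like this.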
