The Kingston® Best Practice series is designed to help users of Kingston products achieve the best possible user experience. This edition of the Best Practice piece covers the differences between hardware-based and software-based encryption used to secure a USB drive.
USB drives have proven their value for companies of all sizes, in many important ways. These drives have delivered tangible benefits as file sharing and mobility tools, as backup drives and much more.
Because today’s USB drives are so easy to use and carry, sensitive and valuable data stored on them can easily be lost or stolen. To combat the disadvantages of using standard consumer USB drives for storing and moving business data, Kingston introduced a range of secure USB drives designed specifically for corporate use. These secure, encrypting USB drives have helped businesses large and small transport their mobile data securely and confidently. Encryption of a USB drive can be performed in two different ways: in hardware or in software.
Hardware-based encryption:
Uses a dedicated processor physically located on the encrypted drive
Processor contains a random number generator to generate an encryption key, which the user’s password will unlock
Increases performance by off-loading encryption from the host system
Safeguards keys and critical security parameters within crypto-hardware
Authentication takes place on the hardware
Cost-effective in medium and larger application environments, easily scalable
Encryption is tied to a specific device, so encryption is “always on”
Does not require any type of driver installation or software installation on the host PC
Protects against the most common attacks, such as cold boot attacks, malicious code and brute force attacks

Software-based encryption:
Shares the computer’s resources with other programs on the computer to encrypt data, so it is only as safe as your computer
Uses the user’s password as the encryption key that scrambles data
Can require software updates
Susceptible to brute force attacks: the computer tries to limit the number of decryption attempts, but hackers can access the computer’s memory and reset the attempt counter
Cost-effective in small application environments
Can be implemented on all types of media
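
The key handling described for hardware encryption (a randomly generated key that the password only unlocks, with authentication and the attempt counter kept on the device) can be modelled in a few lines. This is an added illustration, not Kingston's firmware or code from this page: the class `ModelDrive`, the limit of 10 attempts, the PBKDF2 parameters and the XOR stand-in for a real key-wrap algorithm are all assumptions.

```python
import hashlib, hmac, secrets

MAX_ATTEMPTS = 10  # assumed limit for this model, not a vendor figure

def _kek(password: str, salt: bytes) -> bytes:
    # Password-derived key-encryption key (KEK); it never touches user data.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ModelDrive:
    """Simplified model of key handling inside a hardware-encrypted drive."""

    def __init__(self, password: str):
        self._dek = None        # data key, held only while unlocked
        self._failures = 0      # counter lives in the device, not on the host
        self._provision(secrets.token_bytes(32), password)

    def _provision(self, dek: bytes, password: str) -> None:
        self._salt = secrets.token_bytes(16)
        kek = _kek(password, self._salt)
        # XOR stands in for a real key-wrap algorithm such as AES key wrap.
        self._wrapped = _xor(dek, kek)
        self._check = hmac.new(kek, self._wrapped, "sha256").digest()

    def unlock(self, password: str) -> bool:
        if self._wrapped is None:
            return False        # key destroyed: data is unrecoverable
        kek = _kek(password, self._salt)
        tag = hmac.new(kek, self._wrapped, "sha256").digest()
        if hmac.compare_digest(tag, self._check):
            self._dek, self._failures = _xor(self._wrapped, kek), 0
            return True
        self._failures += 1
        if self._failures >= MAX_ATTEMPTS:
            # Too many wrong guesses: erase every copy of the key material.
            self._wrapped = self._check = self._dek = None
        return False

    def change_password(self, old: str, new: str) -> bool:
        if not self.unlock(old):
            return False
        self._provision(self._dek, new)   # same data key, new wrapping
        return True
```

Because the data key is random and only wrapped by the password, changing the password re-wraps 32 bytes instead of re-encrypting the drive, and the failure counter is state that host software cannot reset.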