Hardware- vs Software-Based Encryption
The Kingston® Best Practice series is designed to help users of Kingston products achieve the best possible user experience. This edition of the Best Practice piece
covers the differences between hardware-based and software-based encryption used to secure a USB drive.
USB drives have proven their value for companies of all sizes, in many important ways. These drives have delivered tangible benefits as file sharing and mobility tools, as backup drives and much more.
Due to the ease and mobility of today’s USB drives, sensitive and valuable data stored within the USB drive can be easily lost or stolen. To combat the disadvantages of using standard consumer USB drives for storing and moving business data, Kingston introduced a range of secure USB drives designed specifically for corporate use. These secure, encrypting USB drives have helped businesses large and small transport their mobile data securely and confidently. Encryption of the USB drives can be performed two different ways, on either the hardware or software.
- Uses a dedicated processor physically located on the encrypted drive
- Processor contains a random number generator to generate an encryption key, which the user’s password will unlock
- Increased performance by off-loading encryption from the host system
- Safeguard keys and critical security parameters within crypto-hardware
- Authentication takes place on the hardware
- Cost-effective in medium and larger application environments, easily scalable
- Encryption is tied to a specific device, so encryption is “always on”
- Does not require any type of driver installation or software installation on the host PC
- Protects against the most common attacks, such as cold boot attacks, malicious code and brute force attacks
- Shares computers resources to encrypt data with other programs on the computer
– Only as safe as your computer
- Uses the user’s password as the encryption key that scrambles data
- Can require software updates
- Susceptible to brute force attacks, computer tries to limit the number of decryption attempts but hackers can access the computer’s memory and reset the attempt counter
- Cost-effective in small application environments
- Can be implemented on all types of media