The Kingston® Best Practice series is designed to help users of Kingston products achieve the best possible user experience. This edition of the Best Practice piece covers the differences between hardware-based and software-based encryption used to secure a USB drive.
USB drives have proven their value for companies of all sizes, in many important ways. These drives have delivered tangible benefits as file sharing and mobility tools, as backup drives and much more.
Due to the ease and mobility of today’s USB drives, sensitive and valuable data stored within the USB drive can be easily lost or stolen. To combat the disadvantages of using standard consumer USB drives for storing and moving business data, Kingston introduced a range of secure USB drives designed specifically for corporate company use. These secure, encrypting USB drives have helped businesses large and small transport their mobile data securely and confidently. Encryption of the USB drives can be performed two different ways, on either the hardware or software.
Uses a dedicated processor physically located on the encrypted drive
Processor contains a random number generator to generate an encryption key, which the user’s password will unlock
Increased performance by off-loading encryption from the host system
Safeguard keys and critical security parameters within crypto-hardware
Authentication takes place on the hardware
Cost-effective in medium and larger application environments, easily scalable
Encryption is tied to a specific device, so encryption is “always on”
Does not require any type of driver installation or software installation on host PC
Protects against the most common attacks, such as cold boot attacks, malicious code, brute force attack
Shares computers resources to encrypt data with other programs on the computer – Only as safe as your computer
Uses the user’s password as the encryption key that scrambles data
Can require software updates
Susceptible to brute force attack, computer tries to limit the number of decryption attempts but hackers can access the computer’s memory and reset the attempt counter
Cost-effective in small application environments
Can be implemented on all types of media
This program offers the options most frequently requested by customers, including serial numbering, dual password and custom logos. With a minimum order of 50 pieces, the program delivers precisely what your organization needs.
For added peace of mind, anti-virus protection is available on DataTraveler Vault Privacy 3.0. Powered by ESET NOD32® Anti-Virus Engine software, it’s easy to deploy, with no installation required.
Options are available to let you or your IT experts centrally manage drives to meet compliance requirements, remotely reset passwords, manage device inventory, enforce policies and more. Available through our partnership with DataLocker, the solutions include IronKey Enterprise management for IronKey drives and SafeConsole management for DataTraveler encrypted drives.
Organizations are tasked with the challenge of complying with an ever-increasing list of legislative requirements and protocols designed to protect sensitive data in transit and at rest, including:
Noncompliance can lead to loss of public trust and strict oversight or costly class-action lawsuits, and for companies that work with government agencies, noncompliance can disqualify them from working on government contracts.
Government agencies can use Kingston® IronKeyTM and DataTraveler® encrypted USB Flash drives to access data from anywhere. Federal law enforcement personnel can review and update case files in the field, while scientists, analysts and forecasters can access data sets from any location with a PC or tablet.
With these trusted Flash drives, contractors can work at agency offices while still having trusted access to data and agencies can maintain operations during disasters by putting critical data in the hands of key personnel.
For easy remote management, IT professionals can enforce access and use policies from a central console. IT can demonstrate best effort to comply with new and unsettled regulations, including the General Data Protection Regulation.
Healthcare agencies must comply with data security mandates such as:
It’s vital for hospitals, healthcare providers, insurers and pharmaceutical companies to take the risk out of mobility and to simplify HIPPA and GDPR audits.
With Kingston IronKey and DataTraveler Encrypted USB drives, doctors can securely and easily access patient data from anywhere. Temporary medical and pharmaceutical personnel can gain trusted access to applications and records when on assignment or working from home.
Clinical trial contributors, managers and auditors can securely enter or review trial data at any location with a PC or tablet, while insurance claims adjusters, examiners and investigators can have unlimited access to records.
Organizations can provide their key personnel with critical data to maintain operations if severe weather or other disasters strike.
The IT department can enforce access and use policies from a central console and demonstrate best effort to comply with new and unsettled regulations, including the GDPR.
Financial services companies are bound to comply with an expanding array of data security regulations and standards, including:
The cost of failing to comply with those regulations is significantly more than the cost of compliance. And failure to comply can impact your business when employees can’t work efficiently.
Kingston IronKey and DataTraveler Encrypted USB drives can help financial teleworkers safely access data and applications from home. Banks, insurers and others can equip contractors to work in the field without investing in notebooks or tablets.
Auditors can gain trusted access to sensitive data when on assignment or when working from home. Claims adjusters, examiners and investigators can have access to data and applications from the field.
In case of severe weather or other disasters, organizations can provide key personnel with access to critical data to maintain operations and the IT department can enforce access and use policies from a central console.
Get eight useful tips to help your organization keep confidential information confidential and to comply with regulations.
See a side-by-side comparison of these two popular data encryption methods.
Understand the difference between compliance and protection and what each means for your organization’s USB data storage strategy.
All Kingston encrypted drives use XTS encryption, which provides greater data protection over other block cipher modes such as CBC and ECB.
View the line up of Kingston’s line of DataTraveler and IronKey Encrypted drives to see which is right for you.
The EU GDPR passed the European Parliament in April 2016. The legislation, which applies to every organization that processes personal data of EU citizens, will take full effect in May 2018. In case of a data breach, businesses will face fines of up to 4% of their global revenue or €20 million (whichever is greater). Also, individuals will have to be notified in case their personal data has been compromised.
Employees can be negligent when using drives, thus putting sensitive data at risk. Establishing and enforcing policies defining the acceptable use of drives can help.
Kingston DataTraveler and IronKey drives use digitally signed firmware which makes them immune to changes to firmware that can allow a USB to become a host agent.
Issued by National Institute of Standards and Technology (NIST), FIPS validation entails coordinated requirements and standards for cryptography modules. By meeting the FIPS standards, Kingston and IronKey encrypted drives assure purchasers that they meet the criteria assigned.