To get started, click accept below to bring up the cookies management panel. Next, tap or click on the Personalization button to turn on the chat feature, then Save.
Many professionals, from doctors to attorneys to businesspeople, use password protection for .pdf or .xls files that they email to others, assuming the files are sufficiently protected from intruding eyes. However, regular password protection is less comprehensive than people think. There are better methods of securely password protecting files and drives.
At a basic level, password protection without encryption of the physical data is useless, as it’s an easily bypassed security method. When security professionals discuss password protection, it’s typically as the method for accessing the data only. The data will usually have its own physical protection against hacking: either software or hardware encryption.
We will explore the difference between password protection based upon software encryption or upon hardware-based encryption, such as on a hardware-encrypted USB or external drive.
There are significant differences between software encryption-based password protection and hardware-based encryption Encryption is an essential tool for protecting user data with a unique password, but are hardware-encrypted drives better at protecting your private data than software-encrypted files or drives? What’s the most effective way to protect, for example, your personal accounting in the run-up to tax season from theft, loss, or hacking?
Password-protected files
Many applications (such as MS Word, Excel, Adobe Acrobat, etc.) provide the option to create “password-protected” files. Applications will implement some form of software encryption on the files to physically protect the data. On occasion, the level of encryption is not specified, so users are unaware what mechanism is used on the actual data itself, beyond the added password protection. Windows also offers BitLocker software encryption capable of encrypting either drives or files on computer drives. The latest BitLocker versions support state-of-the-art Advanced Encryption Standard (AES) 256-bit in XTS mode, which is the standard you should insist upon.
BitLocker is one example of a software tool that provides software encryption by encrypting data and locking it behind a password gate. With the encryption in place, file data is scrambled by an algorithm (AES is one example) as it’s written to the drive. When a user inputs the right password, the data is unscrambled as it’s read from the drive.
Developers like software encryption because it’s inexpensive to implement, needs no specialist hardware, and has encryption software, which is easily licensable if needed. With these benefits, though, comes the downside: If a user’s password is compromised by hackers who can sniff a computer’s memory for the password or encryption and drive recovery keys, the encryption’s benefit is negated. Another issue is that software encryption requires your computer’s processing power to operate. If a user opens or closes large, encrypted files like images or videos, it can influence system performance.
Software encryption can be suitable for users for whom data security is an afterthought, or a ‘nice-to-have’. In those cases, the software encryption tools available to password-protect files should be good enough for your computer, emails, or cloud account.
However, software encryption does not limit password guessing, also known as Brute Force or Dictionary attacks, where a hacker uses a process of elimination and automated tools to break passwords. The internet has many tools to remove passwords on many kinds of files and decrypt their data. With most passwords today about 8 characters long, high-performance computers can guess over a billion passwords per second, meaning many software encrypted files can be quickly unlocked, their data compromised. Experts recommend that people move to passwords at least 12 characters long, to slow down hackers attacking software encryption.
The solution is to use hardware-encrypted USB and external SSDs to secure your data. They protect against Brute Force attacks with the best AES 256-bit encryption in XTS mode. You can also make Brute Force attacks less effective with complex passwords longer than 12-16 characters, or passphrases of multiple words, with a total length exceeding 12 characters.
Hardware encryption
Hardware encryption is powered by a separate secure microprocessor dedicated to user authentication and data encryption, unlike software encryption. People consider it more secure because its processes are separate from the rest of the computer, and therefore exponentially harder to intercept or attack. This degree of separation for the processor means the encryption processes are also much faster, as a hardware-encrypted device handles all data processing.
Hardware-encrypted drives are more expensive than software encryption options, as they contain advanced components, more sophisticated technology, and are designed from the ground up as data protection devices (unlike unencrypted alternatives). Typical USB devices are simple storage devices with no security measures, while hardware-encrypted drives are built solely to protect data, like an insurance policy against drive theft or loss.
Companies in compliance with privacy laws and regulations (e.g. HIPAA, GDPR, CCPA among others) can find the legal costs of a breach caused by a standard USB drive loss or theft to be many orders of magnitude more expensive than the costs of a hardware-encrypted drive. The impact of increasing data breaches worldwide is driving up costs and requires stronger data protection.
It ultimately comes down to what price you put on your most sensitive personal data.
Benefits of hardware-based encryption
There are multiple reasons to recommend hardware-based encryption:
Harder to attack: Drives like those in the Kingston IronKey line are designed to be resistant to hacker attacks, unlike software encryption options. They have additional protections against methods like Brute Force password attacks. Hardware-based encryption can count total password attempts, ultimately crypto-erasing the drive after a certain number. Cybercriminals tend to prioritize hacking software-based solutions, as lower-hanging fruit.
Physically and digitally resilient: Hardware-encrypted drives with military-grade security as defined by the NIST FIPS 140-3 Level 3 standard for the United States government have added protections against physical tampering. They use epoxy to form a protective seal around a drive’s internal components, making them more resilient against physical attacks. The best-in-class IronKey D500S and IronKey Keypad 200 Series with FIPS 140-3 Level 3 (pending) certification are epoxy-filled inside the casing, incorporating various defenses against attacks. These defense mechanisms, including shutting down when excessive temperatures or voltages are reached, power-on self-testing to detect anomalies and shut down if positive, and other penetration-testing defenses, are mandated by the FIPS 140-3 Level 3 standard.
For a drive to receive FIPS 140-3 Level 3 certification, drives must undergo the best third-party validation in the computer industry: being thoroughly reviewed and tested by a NIST-certified lab. NIST is responsible for the AES 256-bit encryption used by US government agencies. FIPS 140-3 Level 3 certification can take years to achieve and represents a trustworthy stamp of approval for customers, signaling a product that’s extremely resilient to attacks and helpful in regulatory compliance.
Portable: While you might not always be able to transport a desktop or laptop computer, hardware-encrypted USBs or external SSDs are easy to carry everywhere. No need to risk emailing financial documents to an accountant or attorney or storing sensitive data on the cloud – you can keep private data off the grid, securely in your possession. An external drive like the IronKey Vault Privacy 80ES gives you the option of backing up as much as 8TB of data away from the Internet in a location you control.
Compliance with Laws and Regulations: Data encryption is a requirement in many contexts. For example, HIPAA in US healthcare, GDPR in the European Union, and more besides. Kingston IronKey drives can help with compliance since data on them is always encrypted. Complex password/passphrase authentication gates access to the drive (Kingston IronKey drives support passphrases of up to 64 characters, and 128 for the D500S). Brute Force attack protection counters penetration attacks, and if password hacking is attempted, the drive can wipe its data and reset to factory state.
Recovering data
Data recovery is another point of distinction for hardware- and software-based encryption tech. Microsoft BitLocker has a Recovery Key to be printed or saved for later use. Kingston IronKey drives offer a multi-password option so that the drive can be accessed if one or more passwords are lost.
With ransomware attacks rising, regular backups are critical to data recovery. For all encryption choices, the best solution is a 3-2-1 backup strategy. Make 3 copies of the data, 2 different media or drives in case of single drive failure or corruption, store 1 drive in a different location. For backups, the IronKey VP80ES is a good solution, ranging from 1TB to 8TB in capacity. Most IronKey USB drives go up to 512GB.
Cloud-based backups are used by some, but risk exposure to breaches associated with cloud storage, and other security issues. Cloud data storage is essentially storing your data on someone else’s computer. If the cloud backup isn’t accessible when needed, your data recovery and resumption of business activity could be delayed. Cloud providers have been reported to be hit by ransomware attacks too, which can delay a user’s access to their data. Hardware-encrypted solutions offer more robust and comprehensive data protection than software-based options, for true “password protection” of essential files. Ultimately, it comes down to the value you place on your documents and how much protection you require.
The right way to securely store and access your files
For creatives producing content for high-profile clients, encrypted storage can secure your important files and help you fulfil your security responsibilities.
Organizations must consider revenue, profit, and risk equally in order to mitigate data security & cyber security risks. In this article, industry expert Bill Mew provides an insight into this topic.
Choosing the right SSD for your server is important since server SSDs are optimized to perform at a predictable latency level while client (desktop/laptop) SSDs are not. These difference result in better uptime and less lag for critical apps and services.
What strategies can organizations use to best secure customer data in a post-GDPR world with the ever-evolving nature of cyber security threats? Kingston pooled the knowledge of some of the UK’s most experienced commentators in cyber security to discuss how data protection has changed since the introduction of GDPR.
You already know that remote working is a business enabler. But the challenges posed to your network security and compliance with GDPR are too big to ignore.
The recent WannaCry ransomware made global headlines infecting and alerting everyone from government, healthcare, communication providers, automotive companies to corporations and the general public of their vulnerabilities.
Overall, Kingston / IronKey Encrypted USB Drives prove to be the best solution in reliability, compatibility and security for portable data protection solutions.
End-to-End Data Protection protects customer’s data as soon as it is transferred by the host system to the SSD, and then from the SSD to the host computer. All Kingston SSDs incorporate this protection.
This program offers the options most frequently requested by customers, including serial numbering, dual password and custom logos. With a minimum order of 50 pieces, the program delivers precisely what your organization needs.
Case in point, Heathrow Airport in London (October 30, 2017) uses Unencrypted USB Drives for its non-cloud storage. Unfortunately, they were not standardized on Encrypted USB drives. Their lack of implementing proper standards in data security / data loss protection with encrypted USB storage has now cost the EU a major breach of confidential and restricted information.
Linus breaks down hardware encryption making sure your files are safe and secure, especially when you're on the go. Make sure your portable storage is also safe and encrypted with Kingston Encrypted USB drives.
Testing is a cornerstone of our commitment to deliver the most reliable products on the market.
We perform rigorous tests on all of our products during each stage of production. These tests ensure quality control throughout the entire manufacturing process.
NVMe (Non-Volatile Memory Express) is a communications interface and driver that defines a command set and feature set for PCIe-based SSDs with the goals of increased and efficient performance and interoperability on a broad range of enterprise and client systems.
