Secure USB Flash Drives

What FIPS Level (If Any) Does Your Data Need?

Security features aren’t free. It’s somewhat counter-intuitive, but the right security level for you is the lowest one which meets your needs. So it’s important for you to identify those needs before you investigate products.

You need to consider security for just about every buying decision. Like everything else, security is a cost/benefit trade-off, and few types of data need top-of-the-line security features.

In the case of simple devices, like a USB drive, the only practical concern is that the drive could be lost or stolen and the data on it exposed. The best way to deal with this is by making sure that the drive uses hardware-based encryption and enforces the use of strong passwords. Another consideration is to set up a device-level central management program. Drilling down on the Secure USB drives, often times buyers place a high level of importance on the FIPS (Federal Information Processing Standards) certification level without having a clear understanding what these levels actually mean.

FIPS 140-2 describes security requirements for all types of hardware cryptographic modules. The specification defines four different security levels which may be met by conforming products, from level one to level four. Level one is the lowest, and it provides a moderate set of security features. Level four is the highest level, with the most stringent requirements for self-defense and other security characteristics. Levels two and three provide gradations of these requirements and form an often appealing middle ground. A For many device types, including USB Flash drives, the effective differences between levels are small and often irrelevant. Few users need security features which meet level 3 and many don’t need level 2. Many government contracts require certification of specific FIPS levels, for instance for wireless devices or encrypted hard drives. But if there is no requirement there may also be no need. In fact, many users’ security needs are satisfied by devices which don’t even have a FIPS certification. USB drives, for example, may not have a FIPS certification, but may still have enterprise-grade hardware encryption, central management and hardening against physical tampering.

Let us take a look at what FIPs certification levels are for USB drives. For drives that are certified at level two, if someone tries to physically open the drive, it will show evidence of tampering. In level three drives, this goes one step further and requires that the encryption “keys” to unlock the data are destroyed if someone tries to physically get into the drive.

What do you really get with the higher level of FIPS certification? The first thing you’re guaranteed to get is added cost, if only because the product has required additional in-company and outside testing. You may also pay for high-end security features that your users do not require. For level 3, your device may have different internal wiring to prevent someone from using special hardware to try and identify passwords being passed. Is this really a problem you need to pay extra to prevent? Level 3 will also assure you of a higher level of protection against electromagnetic interference (EMI) and compatibility. These standards are mostly designed to prevent interference with radio-frequency equipment like wireless networks and cordless phones, but as a security matter emissions from such devices can sometimes be used to read the data in use on them; hence the more stringent EMI standard required by higher FIPS levels. Should you pay anything extra for such protection?

Cracking the data out of even a non-certified encrypted drive is hard, and within the capabilities of few people. It would take considerable effort, more than anyone would expend to read a drive they found on the street.

Is your data worth that kind of effort? If you are storing high-value, highly-confidential data then perhaps it is. If not, and if you’re not mandated to buy a certain level of security features, then paying for additional protection is unwarranted.

Added Value
Secure Customisation Programme

This programme offers the options most frequently requested by customers, including serial numbering, dual password and custom logos. With a minimum order of 50 pieces, the programme delivers precisely what your organisation needs.
Learn more

Anti-Virus Protection
ESET Anti-Virus

Protect from WannaCry variants. For added peace of mind, anti-virus protection is available on DataTraveler Vault Privacy 3.0. Powered by ESET NOD32® Anti-Virus Engine software, it’s easy to deploy, with no installation required. Protect from malware/ransomware, viruses, spyware, Trojans and other Internet-borne threats.
Learn more

Management Solutions
Management Solutions

Protect from WannaCry variants. Options are available to let you or your IT experts manage drives centrally to meet compliance requirements, remotely reset passwords, manage device inventories, enforce policies and more. Available through our partnership with DataLocker. Solutions include IronKey Enterprise management for IronKey drives and SafeConsole management for DataTraveler encrypted drives.
Learn more

Learn More

Organisations are tasked with the challenge of complying with an ever-increasing list of legislative requirements and protocols designed to protect sensitive data in transit and at rest, including:

  • OMB M06-16 mandate
  • Federal Desktop Core Configuration (FDCC) mandates
  • Director of Central Intelligence Directive (CDID) 6/3
  • General Data Protection Regulation, designed to protect sensitive data at rest and in transit

Non-compliance can lead to loss of public trust and strict oversight or costly class-action lawsuits. For companies that work with government agencies, non-compliance can disqualify them from working on government contracts.

Government agencies can use Kingston® IronKeyTM and DataTraveler® encrypted USB Flash drives to access data from anywhere. Law enforcement personnel can review and update case files in the field, while scientists, analysts and forecasters can access data sets from any location with a PC or tablet.

With these trusted Flash drives, contractors can work at agency offices while still having trusted access to data and agencies can maintain operations during disasters by putting critical data in the hands of key personnel.

For easy remote management, IT professionals can enforce access and use policies from a central console. IT can demonstrate best efforts to comply with new and unsettled regulations, including the General Data Protection Regulation.

Health Care

Healthcare agencies must comply with data security mandates such as:

  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health (HITECH) Act
  • Centers for Medicare & Medicaid Services (CMS) security requirements for Electronic Health Records (EHRs)
  • Evolving ASTM Standards for Medical Device Interoperability

It is vital for hospitals, healthcare providers, insurers and pharmaceutical companies to take the risk out of mobility and to simplify HIPPA and GDPR audits.

With Kingston IronKey and DataTraveler Encrypted USB drives, doctors can securely and easily access patient data from anywhere. Temporary medical and pharmaceutical personnel can gain trusted access to applications and records when on assignment or working from home.
Clinical trial contributors, managers and auditors can securely enter or review trial data at any location with a PC or tablet, while insurance claims adjusters, examiners and investigators can have unlimited access to records.
Organisations can provide their key personnel with critical data to maintain operations if severe weather or other disasters strike.

The IT department can enforce access and use policies from a central console and demonstrate best efforts to comply with new and unsettled regulations, including the GDPR.


Financial services companies are bound to comply with an expanding array of data security regulations and standards, including:

  • Gramm-Leach-Bliley Act (GLBA)
  • Sarbanes-Oxley Act (SOX)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • State Financial Data Privacy Acts
  • European Union Data Protection Directive (EUDPD)

The cost of failing to comply with these regulations is significantly higher than the cost of compliance. And failure to comply can impact your business if employees cannot work efficiently.

Kingston IronKey and DataTraveler Encrypted USB drives can help financial teleworkers safely access data and applications from home. Banks, insurers and others can equip contractors to work in the field without investing in notebooks or tablets.

Auditors can gain trusted access to sensitive data when on assignment or when working from home. Claims adjusters, examiners and investigators can have access to data and applications from the field.

In case of severe weather or other disasters, organisations can provide key personnel with access to critical data to maintain operations and the IT department can enforce access and use policies from a central console.

Data Security Centre: Technical Papers and Resources
Using and promoting encrypted USB Flash drives in your organisation

Get eight useful tips to help your organisation keep confidential information confidential and to comply with regulations.
Read article

Neutralising the USB Threat (in English only)
Neutralising the USB Threat
Getting a handle on the slipperiest drives. Do your employees and visitors who connect to your network ever use USB drives?
Read whitepaper
Hardware vs. Software Encryption

See a side-by-side comparison of these two popular data encryption methods.
Read article

Moving beyond compliance: Why “secure enough” isn’t enough
Moving beyond compliance:  Why “secure enough” isn’t enough

Understand the difference between compliance and protection and what each means for your organization’s USB data storage strategy.
Read brief

Locking IronKey and DataLocker Drives Remotely (in English only)
Locking IronKey and DataLocker Drives Remotely (in English only)

If a drive is lost or stolen, IronKey EMS or SafeConsole or can remotely disable it to protect sensitive data.
Watch Video

EU General Data Protection Regulation (EU GDPR) Effective: May 2018
EU General Data Protection Regulation (EU GDPR)  Effective: May 2018

Applies to every organization that processes personal data of EU citizens, will take full effect in May 2018. Organizations to implement and ensure a level of security appropriate to the risk, including…encryption of personal data" (Article 32, Security of processing)
Learn more

USB Alert: Locking Down Your Data (in English only)
USB Alert: Locking Down Your Data
USB drives can turn up anywhere - putting data at risk. How can IT deal with these risks, without completely forbidding USB drive usage and all its convenience?
Read article
XTS Encryption

All Kingston encrypted drives use XTS encryption, which provides greater data protection over other block cipher modes such as CBC and ECB.
Read article

Encrypted Comparison Chart

View the line-up of Kingston’s DataTraveler and IronKey Encrypted drives to see which is right for you.
View chart

Changing Password Policies for IronKey and DataLocker Drives (in English only)
Changing Password Policies for IronKey and DataLocker Drives (in English only)

A full range of password policies can be changed remotely, using IronKey EMS or SafeConsole.
Watch Video

New York Department of Financial Services (NYDFS - 23 NYCRR 500) Effective: February 2018
New York Department of Financial Services (NYDFS - 23 NYCRR 500) Effective: February 2018

Applies to every organization in New York that processes corporate / personal data. The proposal calls for organizations to encrypt sensitive data both in-transit and at-rest. (Section 500.15 Encryption of Nonpublic Information.)
Learn more

State of USB Drive Security

Employees can be negligent when using drives, thus putting sensitive data at risk. Establishing and enforcing policies that define the acceptable use of drives can help.
Read brief

Protect against BadUSB

Kingston DataTraveler and IronKey drives use digitally signed firmware which makes them immune to changes to firmware that can allow a USB to become a host agent.
Read brief

Resetting Your Password on IronKey and DataLocker drives (in English only)
Resetting Your Password on IronKey and DataLocker drives (in English only)

Passwords can be reset remotely or in person with IronKey EMS or SafeConsole.
Watch Video

FIPS Validation

Issued by the National Institute of Standards and Technology (NIST), FIPS validation entails coordinated requirements and standards for cryptography modules. By fulfilling the FIPS standards, Kingston and IronKey encrypted drives assure purchasers that they meet the criteria assigned.

Learn more

FIPS Certification
        Back To Top