Apple’s FileVault, which is included in the OS X operating system, provides free full disk encryption. Upon boot, the user is prompted for his or her passphrase. If the user forgets the passphrase, a disk recovery key can be used instead. It’s simple, effective, and transparent to the user.
Microsoft’s equivalent feature, BitLocker, is included in Windows 10 Professional, Enterprise, and Education editions. BitLocker tends to be more difficult to activate, in some cases requiring tweaking via the command line. As a result, some enterprise customers resort to third-party management utilities. Once configuration hurdles are overcome, BitLocker provides effective and unobtrusive disk encryption.
Protecting the computer’s internal storage is an essential first step. External storage also deserves careful consideration. USB storage devices are often targeted because users generally want their most important files with them, and the theft may not be immediately detected.
“We know that smaller devices like notebooks and tablets have always been prime targets because they’re easy to steal, and notebooks from professions like finance or medicine carry data of exponentially greater value for the bad guys and elevated financial damage for the victim,” said Walter Fiorentini, Marketing Manager at Apricorn.
Fiorentini pointed out that while the cost of data breaches continues to rise, secure solid state storage has become less expensive. For example, the Aegis 240GB Secure Key 3 was US $369 last year and is now US $299. The 30GB version is down to US $149 from $199. A larger portable product, the 1TB Fortress SSD, was $829 a year ago and now retails for $699.
From a security perspective, the Aegis line of products is hard to beat. Instead of entering a passphrase on the computer keyboard, where it could potentially be compromised by malware, users enter a PIN directly on the storage device. Fiorentini suggests that “the best practice for sensitive data handling is to keep it off of your computer and store it on a separate encrypted external drive that is software-free and shares none of its security parameters with the host.” That is good advice, especially since users can eject the drive when not using the data.
I tested and wrote about the Aegis Secure Key 3 last year (http://itincanadaonline.ca/index.php/columnists/eric-jacksch/1331-enter-the-pin-and-plug-it-in) and the device quickly became my preferred way to carry sensitive information. For the last two weeks, I’ve been testing the product’s big brother, the Aegis Padlock DT USB 3.0 desktop drive.
Unlike the very pocketable Secure Key 3, the Padlock DT is not intended to be portable. The 4.5” x 7.2” x 1.5” FIPS-140 Level 3 encrypted drive features an aluminum case, PIN keypad, USB 3.0 cable, and power supply. Like the Secure Key 3, the product is very easy to use. It took longer to crawl under my desk and plug in the power adapter than it did to create the master PIN and start using the drive.
The user experience is terrific: Enter the PIN followed by the unlock button and the drive is ready for use. Pressing the “cancel” button returns the drive to the locked state. There is no need to unplug the drive from the PC. If the USB cable is unplugged, or the computer turns off the hard drive after a period of inactivity, the DT automatically enters the locked state. Users and administrators can leverage this functionality to keep desktop storage secure.
The 4 TB Aegis Padlock DT USB 3.0 Desktop Drive retails for $379, making it a bargain for anyone who stores sensitive data on their desktop.
Have a security question you’d like answered in a future column? Email firstname.lastname@example.org