USB flash drive and security - How to protect the contents of a USB stick

A USB flash drive (USB stick) is very useful when data needs to be transported from one place to another. A USB flash drive is lightweight and small in size and can for example be stored in a pocket or in a wallet. You can also store large amounts of data on USB flash drives, in some sticks up to 64 GB, so if you need to transport lots of data, using a USB stick can be very convenient.

 Security risks
USB flash drives are useful, but there are some security risks to consider when carrying a USB flash drive – it can be lost or stolen. This is really of great concern if the drive contains sensitive information, for example financial information, business plans, source code for software, employee data, technical drawings etc. To prevent that the information may end up in the wrong hands there are USB flash drives available that can protect the data that is stored on the drive. The data will be stored encrypted and nobody can access the data without correct password, pin code, fingerprint or other authentication information.

 Examples of USB flash drives (USB sticks) that can protect data
Below we will give some examples of USB flash drives where security has been in focus when they were constructed. They use all a hardware based system to protect the contents of the drive.
  
Sandisk Cruzer Professional (USB flash drive)Sandisk Cruzer Professional - USB flash drive
  
Sandisk Cruzer Professional uses a hardware based encryption system to encrypt data, and sensitive information is stored in a special password-protected partition on the USB flash drive. Less sensitive information can be stored in a public area for easy access and sharing. Strong 256-bit AES encryption is used to protect the data. Up to 8 GB can be stored on the USB stick.
  
More information
Cruzer Professional - USB Flash Drive for Businesses
 
Corsair Flash Padlock 2 (USB flash drive)Corsair Flash Padlock 2 - USB flash drive
  
Corsair Flash Padlock 2 uses a built-in 256-bit hardware AES encryption to protect data, and a 4-10 digit PIN code must be entered (directly on the USB stick) before data can be accessed. A ruggedized rubber cover protects the USB stick from accidental physical damage. Up to 16 GB can be stored on the USB stick.
  
More information
Corsair Flash Padlock 2 - USB Flash Drive
 
 
Kingston DataTraveler 5000 (USB flash drive)Kingston DataTraveler 5000 - USB flash drive
  
Kingston DataTraveler 5000 is a FIPS 140-2 level 2 certified USB flash drive that uses a hardware-based 256-bit AES encryption (in XTS mode) to protect data, which gives a very high level of security. The encryption functions in DataTraveler have been developed by Spyrus - a company that also makes secure USB flash drives. One of the customers to Spyrus is US Army, which has very high demands on security. You can read more about the Kingston and Spyrus co-operation here. Up to 16 GB can be stored on this USB stick.
  
More information
Kingston DataTraveler 5000 - USB Flash Drive
 
 
IronKey Enterprise S200 (USB flash drive)IronKey Enterprise S200 - USB flash drive
  
IronKey Enterprise S200 is a FIPS 140-2 level 3 certified USB flash drive, which will give a very high degree of security. IronKey Enterprise protects data using strong AES 256-bit hardware encryption, and a cloud-based system, named IronKey Enterprise Management Service, gives administrators full control of deployed USB flash drives over the Internet. An administrator can remotely disable devices and erase data if needed. IronKey Enterprise has also an active anti-malware protection built-in. Up to 16 GB can be stored on this USB stick.
  
More information
IronKey Enterprise - USB Flash Drive
 
   
There are more USB flash drives available on the market that can protect data. For example Kingston has also a USB stick (Kingston DataTraveler 6000) that is FIPS 140-2 level 3 certified. And there are also USB sticks with less security, and that uses software to protect data instead, like SanDisk Cruzer Switch.
  
The FIPS 140-2 Standard
 FIPS 140-2, that is mentioned in the text above, is a computer security standard that is used to accredit cryptographic modules. The FIPS 140-2 standard was created by NIST (National Institute of Standards Technology) and it specifies 4 different security levels:
 
Security level 1
This is the lowest level of security. At least one approved algorithm or approved security function must be used but no physical security mechanism is required beyond the basic requirement for production-grade components.
 
Security level 2
This is the second lowest level and it requires that it is impossible to open, or tampering with, the physical device without leaving traces.
 
Security level 3
Security level 3 requires that the device detects when somebody tries to open it and tries to protect the information in different ways.
 
Security level 4
This is the highest level of security and requires that all sensitive information (like cryptographic keys and authentication data) are immediately destroyed if an intruder tries to open the device or tries to get access to it in other way.
 
More information about FIPS 140-2 is available in this Wikipedia article. 

Software protection and encryption
 There are software security systems that can protect information without being dependent of hardware or depended of a specific USB stick manufacturer. The software solutions are in some cases less secure than hardware solutions, but mostly the security level they provide is enough for common use. One of the biggest advantages of using a software solution is that it is much cheaper. Secure hardware solutions are often quite expensive, so if you need to buy large quantities of USB sticks it will cost a lot if you choose USB sticks with hardware protection.

One example of a software solution is our tool SamLogic CD-Menu Creator that despite of its name also can be used with USB flash drives, and can be used to protect data on a drive. The tool has built-in functions for encryption and password handling, and these functions can be used to protect documents, pictures, drawings, videos etc. The security functions in CD-Menu Creator can prevent unauthorized access of files, if for example the USB stick is lost or stolen. All sensitive files are stored encrypted on the USB flash drive.

BitLocker To Go in Windows 7 can also protect a USB flash drive
BitLocker To Go is a new feature in Windows 7 that can be used to encrypt data on a USB flash drive. When you connect the USB drive to a computer with Windows 7 installed, you are prompted for a password, and you must enter the correct password to unlock the drive and access the contents. It is also possible to access the contents from Windows Vista and Windows XP, if you run special program named BitLocker To Go Reader that is distributed with the USB flash drive (it is installed automatically on the drive by Windows 7). But one difference, compared to Windows 7, is that you can only view files and copy them, but you cannot write any contents back. The USB flash drive will be read-only.
 
 
More information
Below, in the following Wikipedia article, you can read more about USB flash drives and security:
 
Wikipedia - USB flash drive security
 
  
  
Do you want to read more articles and tips?
 
If you want to read more articles and tips about USB flash drives and related topics you can follow us on Facebook or Twitter, or subscribe on our newsletter. You can also read our blog.
Visit our Facebook page Follow us on Twitter Visit our video channel on YouTube
  
Related products:
SamLogic CD-Menu Creator
SamLogic USB AutoRun Creator

Other articles
More articles are available from the article index page.
 
Protect Your USB Stick
 
A software solution that can protect files on USB flash drives.
  
> Read More Here
    
SamLogic
Article written by: Mika Larramo