Hardware vendors have begun creating external “padlocked” USB hard disks. These hardware encrypted disks contain a keypad that is integrated onto the outside of the drive. Those who want to gain access to data on the drive can do so only by entering the correct code on the keypad. These drives are being marketed as an alternative to using something like a BitLocker encrypted hard drive when traveling. As with any other storage technology, however, there are both advantages and disadvantages to using hardware encrypted disks to keep your data secure.
Hardware Encrypted Disks: No Software Required
One of the primary advantages to using a padlocked external disk is that you don’t have to worry about software compatibility. Most of the padlocked disks I have seen are designed to work without software, so you don’t have to worry about installing any special drivers or applications to make them work. The external hardware encrypted disks are ideal for use on non-Windows systems or on older Windows systems that do not support BitLocker.
In addition, because the disks are encrypted at the hardware level, there is no need to rely on users to enable encryption (and no risk of users disabling encryption in the name of convenience). Another potential use case for external hardware encrypted disks is situations in which an end user needs to keep data secure but lacks the proper device permissions to enable BitLocker encryption. Because a padlocked disk provides encryption at the hardware level, the user does not need any sort of special permissions to use it.
Hiding in Plain Sight
One of the potential disadvantages of using a padlocked hard disk comes from its appearance. It's like seeing a person with a briefcase handcuffed to their wrist: the assumption is that there is something really valuable in that case. The same goes for a disk with an integrated security keypad, which might make it more prone to theft.
In fact, most of the padlocked hard disks I have seen include an integrated self-destruct feature. The idea behind this feature is that if a thief manages to steal the drive and attempts to unlock it by brute-forcing the disk's keypad, the drive will eventually perform a secure erase operation on any data stored on it.
Disk Self-Destruction: Double-Edged Sword
The integrated self-destruct capabilities offer some additional peace of mind that data will remain secure, even if the disk is stolen. However, organizations must consider the risk of data loss that could occur as a result of a user entering the incorrect unlock code multiple times. This issue could be particularly problematic if a user is working from multiple encrypted disks, each with its own unique access code.
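The two outcomes described above (a stolen drive erasing itself under a flood of wrong codes, and a legitimate user losing data by cycling through the codes of several disks) are driven by the same counter. The following is an added toy model written for this discussion, not the firmware or policy of any real product; the wipe threshold of ten consecutive failures, the reset-on-success rule, the sample PINs and the sample data are all constructed assumptions.

```python
"""Toy model of a keypad-locked USB disk with a wipe-after-N-failures policy.

Constructed example: the threshold, the reset-on-success rule and every PIN
and payload below are assumptions, not the behaviour of any specific drive.
"""
from dataclasses import dataclass
from typing import Dict, Optional
import hashlib
import hmac

WIPE_AFTER = 10  # assumed: consecutive wrong codes before secure erase


def _pin_hash(pin: str) -> bytes:
    # Stand-in for whatever key derivation the drive's controller uses.
    return hashlib.sha256(pin.encode()).digest()


@dataclass
class PadlockedDisk:
    label: str
    pin_hash: bytes
    data: Optional[bytes]      # None once the drive has erased itself
    failed_attempts: int = 0
    wiped: bool = False

    @classmethod
    def provision(cls, label: str, pin: str, data: bytes) -> "PadlockedDisk":
        return cls(label, _pin_hash(pin), data)

    def unlock(self, pin: str) -> bool:
        """Correct code: reset the counter and report success.
        Wrong code: count it and erase once WIPE_AFTER is reached.
        The drive cannot tell a thief from a confused owner."""
        if self.wiped:
            return False
        if hmac.compare_digest(self.pin_hash, _pin_hash(pin)):
            self.failed_attempts = 0
            return True
        self.failed_attempts += 1
        if self.failed_attempts >= WIPE_AFTER:
            self.data = None
            self.wiped = True
        return False


def wrong_codes_until_wipe(disk: PadlockedDisk, wrong_pin: str) -> int:
    """Type one known-wrong code repeatedly; return how many entries it
    took before the drive erased itself (the theft scenario)."""
    attempts = 0
    while not disk.wiped:
        disk.unlock(wrong_pin)
        attempts += 1
    return attempts


def confused_user_scenario(backups: Dict[str, bytes]) -> Dict[str, object]:
    """A user holds three disks with distinct codes and, under time pressure,
    types every code they know (plus a few mistypes) into disk A before
    remembering its real code. Returns what survived, given a backup store."""
    disk_a = PadlockedDisk.provision("A", "2468", b"quarterly-figures")
    # Disks B and C exist only to explain where the wrong codes came from.
    PadlockedDisk.provision("B", "1357", b"contract-drafts")
    PadlockedDisk.provision("C", "9090", b"audit-evidence")

    # Constructed attempt log: ten wrong entries, then the correct one.
    typed_on_a = ["1357", "9090", "1375", "1537", "9009",
                  "0909", "1357", "9090", "1357", "9090", "2468"]
    unlocked = False
    for code in typed_on_a:
        unlocked = disk_a.unlock(code)
        if unlocked:
            break

    return {
        "unlocked": unlocked,                 # False: the right code came too late
        "wiped": disk_a.wiped,
        "on_disk": disk_a.data,               # None after the wipe
        "recovered": backups.get("A"),        # only a prior backup brings it back
    }
```

Running `confused_user_scenario({})` shows the data gone with nothing to restore, while `confused_user_scenario({"A": b"quarterly-figures"})` recovers it; the drive's own behaviour is identical in both runs, which is the point: the self-destruct policy is only acceptable when the backup exists before the first wrong code is typed.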
A BitLocker encrypted drive, in contrast, is resistant to brute-force attacks but will not automatically destroy the data residing on the drive. This is good if you have users who are prone to forgetting how to unlock a BitLocker encrypted drive and you have a backup copy of the BitLocker recovery key. However, it's bad in the sense that if a BitLocker disk is stolen, there is no way to know for sure that the thief will not be able to gain access to the data (although it is very unlikely that a brute-force attack would succeed against a BitLocker encrypted drive).
All things considered, padlocked hard disks are best suited for situations in which the data on the disk must be protected to a greater degree than native tools can provide. At the same time, organizations that choose to use external hardware encrypted disks must accept the risk of data loss from a user entering an incorrect code repeatedly and activating the disk's self-destruct feature. Of course, this risk can be mitigated by backing up the data to a secure location before the disk goes into use.