Monday, 15 June 2015

Keeping your portable data "secure"

I recently attended the Info Security Europe conference held at Olympia, London. It was a huge three-day event (although I only went on the first day) with a number of high profile security, anti-virus and other related companies trade stands.

Not only that, but there were also a number of live hacking events, seminars, presentations of all-sorts (mostly sales pitches) and a few off-beat companies who provide specialist services.

I wasn't there for the sales pitches. Not interested in monitoring software. Not wanting to purchase hardware. I was looking for information and useful tools.

OK, I tell a lie. Although I wasn't looking to buy hardware, I did come across one company that was selling something a little unusual and very interesting. The company in question sold USB and SSD drives that were encrypted and hardware password protected.

The company in question was iStorage,

and the product which caught my eye was the datasur USB drive.

Now for years I've used a multi-boot USB drive for my most important tools. I used YUMI to handle the drive installation where I can boot the disk into multiple platforms. But this was on an unprotected drive, where if people could have got hold of it they could have used it as well. I had to use a TrueCrypt partition to protect some of the data on there, but it was always a pain loading the partition after the boot. So now there was the chance of having a secure drive right off the bat. So I bought one right there and then at the show.

A couple of days later and DHL dropped off a small packet with the enclosed drive. The device itself is very easy to use. It comes pre-formatted with a copy of the manual sitting in the root directory and a little data card which gives the default PIN and information about how to go about changing it. Needless to say, I changed the PIN. This was now my secure drive of choice.

So I fired up YUMI, got together a collection of my most useful .ISO images (which I always have handy anyway) and started getting things running. It was at that point my elation died as did, it seems, my drive. After running YUMI and installing my copy of Kaspersky Rescue Disk (always my first install of any new drive), the drive promptly detached and became unusable. Looking in the device manager it simply showed up as an unknown USB device. According to the instructions, if you get the access code wrongly ten times in a row then the drive should reset. So that's what I did. But to no joy, the device was still unusable.

So I contacted the iStorage support team to ask for help. They immediately dispatched a brand new drive without question. The failed disk I sent back to their Technical Support department. It was later determined that the failure was due to a faulty controller. Not due to an incompatibility with the YUMI multiboot configuration which was my first thought.

The moral of this story is one of user satisfaction. The iStorage Support Deptartment spared no expense to ensure that I, as a customer, was satisfied which their product. As in all businesses, if you don't have happy customers then your business model is wrong.

My only criticism with this device is an odd one. As I mentioned before if you enter the wrong code, 10 times in a row, then the drive is wiped and scrambled. So anybody who physically gets hold of your drive can blank it in just a few seconds and wipe all your valuable data. So there is a difference between accessible security and deletion security. It's harder to wipe a normal drive since you have to access it then wipe it via the computer.

But it all depends on what sort of data you keep on the drive. You did remember to keep secure backups of your important stuff didn't you?