Security

Review: Ironkey encrypted flash drive

With an increasingly mobile workforce, keeping sensitive data safe and secure is becoming an evermore pressing priority. For many, the most efficient way to secure data is with encryption. That is where the Ironkey encrypted flash drive comes into play.

With an increasingly mobile workforce, keeping sensitive data safe and secure is becoming an evermore pressing priority. For many, the most efficient way to secure data is with encryption. And, while software-based encryption is not bad, the most effective encryption is achieved via hardware. That is where the Ironkey encrypted flash drive comes into play.

Specifications

  • Capacity: 1GB, 2GB, 4GB, or 8GB
  • Dimensions: 75mm X 19mm X 9mm
  • Weight: .9 oz (25 grams)
  • Waterproof: MIL-STD-810F
  • Operating shock: 16G rms
  • Hardware: USB 2.0 high speed
  • Operating system encryption compatibility: Windows 2000 SP4, Windows XP SP2+, Vista, Macintosh OS X 10.4+, Linux 2.6+
  • Hardware encryption:
    • Data: AES Cipher-Block Chained mode
    • Encryption keys: 128 Hardware DRNG
    • PKI: 2048-bit RSA
    • Hashing: 256-bit SHA
    • FIPS validations: 140-2 Level 2, 186-2, 197
  • Section 508 compliant
  • Price: $149 for 4GB model
  • Additional information
  • For a closer look, check out the Ironkey TechRepublic Photo Gallery

Who is it for

The Ironkey encrypted flash drive is designed for any one or any enterprise looking to secure data with military approved 128-bit encryption. The Ironkey system is especially effective for enterprises with mobile workforces because the flash drives can be managed by network administrators via the corporate network and the Internet.

What problem does it solve

Hardware-based encryption increases the overall level of data security substantially, especially for a mobile workforce exposed to potential security breaches from stolen laptops and lost external storage drives like USB thumb drives. Using Ironkey drives to store sensitive data will ensure that information is never revealed to thieves or other nefarious individuals because it will self-destruct the stored data after 10 failed attempts to enter the proper password.

Features

  • Hardware encryption: Software encryption is very difficult to bypass, but it can be done with brute force methods in many cases. Hardware encryption offers yet another level of security. And with the additional self-destruct feature of the Ironkey, users can be assured that data is not going to pass to your typical thief.
  • Self destruct: If a user fails to properly enter the authentication password 10 times, the Ironkey will write over the data on the drive. This is an internal hardware event that cannot be stopped via software. However, if the data has been backed up using the Ironkey application, the data and key can be recovered once a correct password is entered.
  • Administrative management: For enterprises, the deployment of Ironkeys can be managed by a centralized administrator. That administrator can issue keys, log activity, and even shut down and/recover lost or stolen drives.
  • Identity manager: Passwords and other login information can be stored and backed up by the Ironkey. Authentication of frequented sites that require it can be automated securely by your Ironkey.
  • Secure Web surfing: Users can surf the Web through a secure, encrypted IP address, further protecting sensitive information that may be submitted via forms or other Web-based applications.

What's wrong

  • Small storage sizes: The most storage available on an Ironkey as of this review is 8GB. While 8GB may be enough for many applications, it may not be enough for some large files like databases.
  • User error: No matter how good the security system and the encryption, it is still subject to social engineering. Using the Ironkey requires a password and users are prone to revealing those passwords to people they shouldn't.

Competitive products

Bottom line for business

Keeping data safe is paramount for most enterprises regardless of their size. If the data to be kept safe is relatively small and distributed among many employees, especially employees engaged in activities outside the corporate campus, the Ironkey encrypted flash drive system is one excellent security solution. With administrative support systems and self-destruct features, enterprises can use the Ironkey systems to take steps to verify their data is safe and secure.

User rating

Have you encountered or used an Ironkey encrypted flash drive? If so, what do you think? Rate your experience and compare the results to what other TechRepublic members think. Give your own personal review of the Ironkey system in the TechRepublic Community Forums or let us know if you think we left anything out in our review.

About

Mark Kaelin is a CBS Interactive Senior Editor for TechRepublic. He is the host for the Microsoft Windows and Office blog, the Google in the Enterprise blog, the Five Apps blog and the Big Data Analytics blog.

17 comments
CryoSilver
CryoSilver

Nice for what it does, but way too pricey. 8GB Corsair Survivor: $30, Truecrypt: free (included with flash drive), 5 minutes setting up 2 partitions, one for the program, one for encrypted data: 5 minutes @ $25/hr = $2.08. Cost: $32.08; savings: $117.91, and extra storage space to boot.

Neon Samurai
Neon Samurai

I've been oogling the Ironkeys for a few years now and been using one for six months or so. I'm waiting for a spare at work that I can blow the password limit on just to see it eat itself.

BALTHOR
BALTHOR

Microsoft pops up a prompt that same something like the files can not be accessed.Try My Computer then select the drive then copy and paste to your desktop then format the drive and copy and paste the files back to the drive.The memory stick has a BIOS!

Mark W. Kaelin
Mark W. Kaelin

Do you have systems in place to encrypt data? Should you have systems in place? What methods do you employ to keep your enterprise data safe? Have you tried Ironkey? What do you think?

Michael Kassner
Michael Kassner

It's pricey. It's the ability to use their TOR servers that elevates the cost.

mp112849
mp112849

It seems that you could back up your password for the device online somehow. Assuming that you'd be posting that backed up password to an IronKey repository, what happens if IronKey goes out of business?

CryoSilver
CryoSilver

Given that when you search "tor server' on Google, the first solution that pops up is free, that $117 seems like a nice steak dinner instead of paying for a flash drive and a service available for free online.

Neon Samurai
Neon Samurai

My understanding is that you have to send it back to the company for replacement rather than simply re-initializing it. Mind you, we don't have the enterprise management console so maybe that provides less intrusive options.

Michael Kassner
Michael Kassner

I am just suspect of any old ToR server though. I know the IronKey developers and trust that their servers are secure and not doing DPI.

Michael Kassner
Michael Kassner

Mine is only used for the secure Tor network. I spend a lot of time at sites that only have open Wi-Fi and that security is critical. As for secure data, I have several Sandisk Cruzers that I encrypt with TrueCrypt, which IMO is totally bullet-proof as well.

Neon Samurai
Neon Samurai

I should have been more clear probably. My meaning was that the destruction from physically breaking is is passive; chips break because chisseling the apoxy away will break them also. By contrast, the maximum password fail limit is an active response; it has power from the USB port so it can recognize the failed attempts and roast the data. The outcome is indeed the same though; the data remains out of the hands of the attacker.

64molson
64molson

Here's a quote right from their FAQs: "it will self destruct in hardware (not via software)." If the encryption keys are toasted: good bye data! I believe you meant to say maximum password tries. They two different functions. Wrong password 11 times=destruction. Try to break it open to get the chips= destruction. Either way the data's toast!

Neon Samurai
Neon Samurai

In chipping away the apoxy, you will inevitably damage the chip in the process. Not a huge difference but just to clarify that it's not a self destruction function that senses the attempt and responds. In contrast, the maximum password ties function is an active responce function that bakes the data when triggered. Freaking fantastic bit of kit though. I wish the 8 gig was in the budget range to justify replacing my personal flashdrive.

64molson
64molson

If the device is physically attacked,ie someone tries to break it open to get the flash chips; the cryto-chip self destructs!! The flash chips are encapsulated in expoxy to make it waterproof & tamper proof. This will further deny access to the hardware! I will NOT try to test these feature on my personal IronKey!!!!