Securing data is a difficult job as evidenced by the constant stream of data thefts, either fromserver breaches orstolen laptops. The latter is something iStorage is hoping to help prevent by building highly secure portable hard drives that can store sensitive data but be transported from desktop to laptop, from work to home, with a low risk of data theft, even if the device is stolen.
The company has several product offerings, and today I'm looking at the diskAshur PRO2, a USB 3.1 device that has met the rigorous demands of many highly-regarded security certifications, including FIPS 140-2 Level 3 validation through the National Institute of Standards and Technology (NIST).
SpecificationsThe iStorage diskAshur PRO2 comes in six different storage capacities (between 500GB and 5TB) but otherwise lacks any customizations. For those who prefer solid state devices, there is a diskAshur PRO2 SSD model that is the same, except it comes with an SSD instead. In both cases, power is supplied via the USB port, so there are no external power adapters. The device works with any operating system, making it extremely flexible.
Dimensions 500GB, 1TB, 2TB 124 x 84 x 20 mm / 4.9 x 3.3 x 0.8 inches 3TB, 4TB, 5TB 124 x 84 x 28 mm / 4.9 x 3.3 x 1.1 inches Weight 500GB, 1TB, 2TB 225 grams / 7.9 ounces 3TB, 4TB, 5TB 331 grams / 11.7 ounces Encryption AES-XTS 256-bit Full-Disk Hardware Encryption Data Transfer Speeds Up to: Read 148MBps / Write 140MBps Warranty 2 YearsIf you're worried about water and dust, the diskAshur PRO2 has an IP56 rating , which means you can't submerge the drive, but if you carry it out in the rain, you will be fine.
The drive ranges in price from 209 for the 500GB version, to 489 for the 5TB version. I was given the 1TB version to review, which retails for 269 ( $375 at Amazon ). It's available directly from iStorage, as well as at your typical retail locations such as Amazon , Insight, and CDW.
Security FeaturesIf you're looking for cheap and portable storage, but don't care about security, then there are far better solutions in the market for you that come in at cheaper price points. If you require your data to be secure, then the diskAshur PRO2 shines.
The first thing to note is that iStorage isn't just touting security features on their marketing slides: the company went out and received several highly regarded certifications, with the most impressive (in my opinion) being FIPS 140-2 validation through the United States National Institute of Standards and Technology (NIST). You can read about all of the requirements that FIPS 140-2 validation entails at the NIST website , but in a nutshell, reviewers look at everything from role-based access, the physical security of the device, cryptographic key management, EMI impact, and more. The standard has four levels, and the diskAshur PRO2 was validated at level 3.
In addition to FIPS 140-2 validation, the diskAshur PRO2 also has NLNCSA BSPA certification as well as NATA Restricted Level certification. It also is NCSC CPA rated, and meets Common Criteria EAL4+ (security and government both love their acronyms!).
After connecting the drive to a computer via USB, the drive is powered but is not in a readable state. The user must first type in a code on the provided keypad in order for the storage to be recognized via the operating system. I'm sure everyone's seen heavily used keypads with the numbers smudging off, a tip to what numbers are part of the code. As an extra security measure, iStorage coated the keypad itself in an epoxy to prevent key wear.
To prevent an attacker from creating a robot that can press all key combinations, after five incorrect codes, the drive must be disconnected from the USB port and then reconnected. After the next five failed attempts, the drive must be removed and the shift key pressed while being reconnected. Finally, if the next five attempts (for a total of 15) fail, the drive deletes the encryption key and locks itself, in essence destroying the data.
Since this is a physical drive that's carried around, what's to stop the bad guy from simply accessing the internal components directly? That's done by covering the internal components in an epoxy resin which, according to iStorage , "is virtually impossible to remove without causing permanent damage to the components. This barrier prevents a potential hacker from accessing the critical components and launching a variety of futile attacks." In addition, the design of the enclosure makes it easy to tell if the device has been tampered with, giving visual evidence of an attack should the drive be recovered.
During the review, I wasn't able to find a way to open up the enclosure to get to the physical drive without potentially breaking the enclosure as there were no screws holding the device closed. Even removing the rubber feet on the bottom of the drive didn't help as there was nothing but more plastic underneath them, and it was extremely difficult to get the feet back in, providing some measure of tamper evidence. While I could've broken the device to get into the guts, the fact that NIST has already validated the security means I didn't have to damage the diskAshur PRO2 myself.
To help prevent someone from walking off with the drive, you can attach a standardKensington lock to the device.
The diskAshur PRO2 has the concept of both an admin account as well as a user account, each of which are activated based on the PIN entered to unlock the device. The admin account has full control over the device and can set things like PIN complexity rules, create user accounts, set the device to read-only mode, and the like. User accounts are generally made to simply read and (optionally) write data to the device. Using the device is as simple as plugging the diskAshur PRO2 into a USB port and typing the PIN of the user you want to login as.
The device can also be given a