BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups in the field – Security Boulevard

Encrypted flash drives, essentially secure storage on a stick, are a proven technology that has been readily available for at least 15 years. A few years back, it seemed like they would fade into obsolescence, swept aside by the wave of streaming services and cloud storage.

Related: Can Europes GDPR restore data privacy?

And yet today there is a resurgence in demand for encrypted flash drives. Whats happened is this: Digital transformation has raced forward promoting high-velocity software innovation, with only a nod to security. This trend has opened up vast new tiers of attack vectors and threat actors are taking full advantage.

Security-conscious companies the ones who are proactively responding, not just to threat actors having a field day, but also to the specter of paying steep fines for violating todays stricter data privacy regulations are paying much closer attention to sensitive data circulating out in the field, as well they should.

Highly secure portable drives make perfect sense in numerous work scenarios; encrypted flash drives, specifically, are part of a global hardware encryption market on track to climb to $296.4 billion by 2020, up 55% as compared to 2015, according to Allied Market Research.

Fateful elevator pitch

One of the vendors I always enjoy speaking with in this space is DataLocker. Co-founder Jay Kim was running a family steel fabrication business when he took a trip to South Korea in the fall of 2007. He was meeting a friend, who introduced him to another friend in an elevator, no less.

Turns out that friend of a friend had an invention that tickled Kims entrepreneurial instincts. Knowing nothing about cybersecurity at the time, Kim became persuaded that the inventor was on to something. So he wound down his other business pursuits and within a few months pushed ahead with the boot-strapped launch of DataLocker.

Today the company operates out of spacious quarters, with room to grow, in Overland Park, Kansas; it has 50 employees and continues to innovate to meet what has turned out to be an enduring demand for secure portable storage devices. DataLocker supplies platform-independent devices that tie into a central management console. This gives the user the ability to inventory and audit portable storage devices being used out in the field.

I met with Kim at BlackHat 2019 and had a wide ranging discussion with him. For a full drill down, give a listen to the accompanying podcast. Here are excerpts edited for clarity and length:

LW: Why are secure thumb drives still in demand?

Kim: Because of the active threats were seeing today there has been kind of a moving back towards hardware based, cold storage, basically off-line storage. So were finding a lot of organizations now are reincorporating encrypted storage devices into their arsenal of data security tools.

LW: Threats are still out there, essentially.

Kim: Yes, companies want assurance that they have an offline backup, yet they also want to be able to monitor what people are doing with those backups, as well. For instance, with ransomware, one of the best protections is to have a physical offline backup. So were finding a lot of companies going old school and choosing not to put data onto their server, but put it onto actual secure devices, and keeping those offline.

LW: What other kinds of usage patterns are becoming common?

Kim: Weve seen a complete evolution in use cases. When we started off, the primary use case for encrypted hard drives and flash drives was for transport and for backup, as well. Now were finding more companies using them for primary storage, basically having data thats hardware encrypted that they use on a daily basis.

And then theres mobility, because despite the increases in network speeds and wireless speeds, the transfer rates for the volumes of data theyre being transferred and stored these days makes it really impractical to use cloud storage. In many cases youre talking about multiple terabytes of data that need to be transferred from point A to point B.

A lot of organizations find that one of the easiest things to do is to put it on secured hardware, drop in FedEx, and send it off to their lab or wherever it may be. And then when its received, grant them the authorization to access the device.

LW: Sort of like an evidence chain?

Kim: Yes, a chain of custody. Thats one of the main use cases. With our management service, you can track where and when each device is accessed, who accessed it and what data was put onto it. And at the end of the day, if you want to, you can even remotely wipe the device.

LW: Even in our paperless society, actual documents are still important.

Kim: Its forensics evidence. A lot of companies will actually take a take a snapshot, an image, put it on one of our devices and just put it in a safe, literally a physical safe, and use that as evidence. Because with our tracking capability, we can ensure that the data thats stored on the device hasnt been touched since it was put into storage. So they have that whole chain of custody in place for that image; and in todays regulatory world, thats very important.

LW: Right, with Europes GDPR and states like New York and California imposing penalties for violating data privacy rules, thats gotten peoples attention.

Kim: What were finding is the biggest need for many end users is not really the encryption itself, but to be able to prove that their data has been encrypted. We give them that ability to create that audit trail to prove that, Hey, this device was fully encrypted to meet the regulatory standards. Basically its evidence for the organization in case of anything that happens down the road.

LW: Whats new with DataLocker?

Kim: So we started off with encrypted storage devices and weve evolved. Weve just launched a data loss prevention product, called PortBlocker, which locks down USB ports. Our little twist is you can lock down your ports, but you also have the ability to audit those ports and see whats going, with a really crystal clear view of USB storage device usage within your organization.

Weve also re-launched a really cool product called SafeCrypt. Weve created a virtual drive, which functions the exact same way as our encrypted hardware devices. It lets you choose where you want to store your data in encrypted form. It can be in a service like Dropbox or Google Drive or it could even be a local folder or local drive. It creates a drive letter on your desktop where you authenticate, then read or write to that drive letter, and thats it. As soon as it hits that drive to letter, its encrypted.

LW: Do you still imagine theres going to be ongoing demand for portable hardware devices, going forward?

Kim: We do not foresee secure hardware storage devices going away anytime soon. There are billions and billions of USB storage devices out there and the proportion of hardware storage devices that are encrypted keeps increasing.


Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.

Recent Articles By Author

*** This is a Security Bloggers Network syndicated blog from The Last Watchdog authored by bacohido. Read the original post at:

Go here to read the rest:
BEST PRACTICES: Resurgence of encrypted thumb drives shows value of offline backups in the field - Security Boulevard

Related Post

Comments are closed.