Those who carry sensitive information around with them on a daily basis are doubtless concerned by the possibility of losing the device carrying that precious data (or worse still, having it stolen).
Equally, if the mobile storage you use is secure, what happens if you fail to return to the office unexpectedly?
Those concerns are addressed by the new iStorage diskAshur Pro2 external HD, a compact storage device designed to work with secure data without the need to install software on all the systems it will meet. The Pro2 retails at £489 ($670 in the US, or AU$1,039).
This new Pro2 design joins the original diskAshur Pro, a product that iStorage still makes alongside other robust and secure storage devices. It comes in 500GB, 1TB, 2TB, 3TB, 4TB and 5TB capacities, and it was the latter which the firm supplied us for review.
The Pro2 is expensive as 5TB external drives go, being quadruple what Seagate asks for its Backup Plus 5TB drive, and more than double LaCie’s rugged Thunderbolt 5TB models.
After removing the drive from the packaging, we realized why iStorage asks so much for it. Because this is, without doubt, one of the most glorious pieces of product engineering we’ve had the pleasure to handle.
The upper and lower surfaces are cool-to-the-touch metal, and the waistband is soft textured rubber. The unit comes in a soft foam-lined carry case that’s reminiscent of the kind made for compact cameras, providing a snug home for the Pro2 to live when not in use.
The drive is just 84mm wide, 124mm long and 20mm deep, dictating that this uses 2.5-inch drives internally to provide 5TB of capacity. As if to underline how much of the cost goes into the engineering and not the capacity, the 2TB model is £329 (around $435), only £160 (around $210) cheaper.
From a design perspective, two features make this drive special, the first of those being the built-in USB cable.
The cable is only 12cm long when unclipped, but that’s enough to attach it to a laptop or desktop PC. The fact that the cable can’t be detached – and therefore lost – is the best aspect of this design. Although it would be unfortunate if the USB blade ever got damaged.
The other standout feature is the built-in numeric pad. This is an integral feature of the security mechanism iStorage has implemented to make the diskAshur Pro2 a reliable keeper of secrets. It’s used to enter a numeric password which is required for access.
The buttons are most likely on a membrane, but they’re positive to use and make a nice click to confirm that you’ve pressed them. In addition to the numbers, there are a few special keys for operating the unit when it is attached to a computer.
Above the numeric pad are three LEDs that confirm the locked condition, and also show drive activity. The colored LEDs are used extensively to tell the user not only the status of the drive but also to provide feedback when they perform some important procedures.
We’ve seen plenty of supposedly secure storage devices that could be circumvented by a little lateral thinking. And that certainly made us curious about how iStorage had avoided the most common security pitfalls.
At the heart of this design is a secure microprocessor (Common Criteria EAL4+ ready) that handles the encryption of the device. That, in theory, means that if the bare drive is extracted from its case, an attacker is no closer to getting to the data stored on it.
What any data thief needs is the seven to 15 digit numeric password created when the Pro2 was last configured. Guessing isn’t a good option because failure to enter the correct code enough times will result in the drive deleting the encryption key, rendering the contents beyond reach, forever.
Well, we say that, but there might be people in the security services who know how to crack AES-XTS 256-bit. For everyone else without a cryptology department, the data is irretrievably lost.
In addition to the software defenses, the unit also has numerous hardware safeguards in place to defend against external tampering, bypass attacks and fault injections. Should it detect any attempt to get into the case or tinker with USB, it will trigger a deadlock frozen state, at which point further assault is pointless.
Devices with a numeric pad like this usually come with a PC application that you need to install to make it work, but the Pro2 is fully self-contained.
That allows it to work as well with a PC, Mac or Linux computer. You can format it to whatever file system you use – even one you’ve created yourself.
The unit comes with a default Admin PIN number defined, and you can change that directly using the pad. But, armed with an Admin password, you can also create a user PIN, enabling the IT department to defend itself against forgetful users (up to four).
Both Admin and User modes can also be made read-only, avoiding any danger of deleting things inadvertently.
But the most Bond-esque PIN code you can define is the one that initiates a ‘self-destruct’ sequence.
Sadly, this doesn’t blow up the Pro2 in spy-film-style, but instead it initiates an internal crypto-wipe where all the PINs and data are erased, and the drive must be reformatted before it can be used again.
Our only reservations about this and other features are that setting some of them is complicated and needs the manual (supplied as a PDF on the drive) handy to avoid mucking up the procedure.
We’re sure after regular use it will become second nature to change a user PIN or the length of time before the drive automatically locks. But initially, it’s a little daunting.
For everyone but probably the security services, the Pro2 has enough in the way of protection, provided users take it seriously, and don’t write the Admin PIN on the underside with a Sharpie.
However iStorage wired the internal hard drives to the encryption engine, it didn’t impact negatively on performance. With 145.5MB/s reads and 144.8MB/s writes, the spinning rust inside the Pro2 has some intent about it.
While an SSD would be quicker (and iStorage provides models with those inside, too), those performance levels are good enough. And about as rapid as a PC with hard disk-based storage is likely to be.
We should also mention that the unit is IP56 certified, making it water and dust-resistant, though not waterproof by any stretch. An extra touch in terms of the physical protection is that the keys on the pad are coated in epoxy. The coating has the dual benefits of not only extending the effective life of the keys, but it also makes it harder to work out which keys are being used on a regular basis.
As a final sweetener to any purchaser, iStorage is doing a deal where it gives you free software licenses from Nero and ESET, should you use either of those.
If it wasn’t for the eye-watering cost, we’d be recommending the iStorage diskAshur Pro2 more forcefully. The combination of a well-considered security model with a superbly engineered device is an alluring one.
How well it works in any company context will depend on the person in charge of it, and how seriously they take their data security. Because while the Pro2 might have relatively few technical flaws, the data on it could still be exposed by sloppy practices.
As with most security systems, the weakest point of potential failure is the human operator, sadly.