Lock Down the Data on Your Portable Drives

Barely a week seems to go by without a headline story on the latest laptop data breach--millions of veterans' files here, thousands of medical records there, and credit card numbers everywhere. But laptops aren't the only targets: The proliferation of portable USB hard disks and flash drives with huge capacity makes the loss or theft of critical data likelier than ever.

A Computer Security Institute survey of 494 security practitioners in large organizations found that though about half of respondents had had a laptop or mobile device stolen, only two-thirds used encryption to safeguard the data on their portable devices.

If security experts at large companies haven't bothered with encryption, it stands to reason that most smaller companies have not either. Why? Simply because it has been a pain for IT staff and employees. Users forget passwords (potentially locking a drive forever), and software-based encryption can sap PC performance.

New hardware and software products, however, promise to simplify portable-drive encryption, making the task fast and transparent.

Information Age, Meet Encryption

Many new portable drives come with encryption, but it is also available as an add-on from Cryptainer PE ($30 and up), Migo Portable Vault ($15), or TrueCrypt (free). You just type in a password to access files encrypted with strong algorithms such as 256-bit AES or 448-bit Blowfish. These are simple and inexpensive options (as long as you don't lose your password). Since they are software-based, however, they slow things down, and can be breached by an infected host PC that captures the password. You could also lock your data with Windows' built-in encryption capabilities, namely EFS in Windows XP and BitLocker in Vista Ultimate (for instructions, read "The Simple Way to Keep Your Private Files Private").

For better and faster protection, consider a drive with built-in hardware encryption, such as the new Apricorn Aegis Vault (80GB to 250GB, $139 to $269), a USB hard drive with real-time 128-bit AES support, or the SanDisk Cruzer Professional (1GB to 4GB, $55 to $145), a flash drive with 256-bit AES. Both allow you to create unencrypted drive areas for public access, and since they require no software, you can take them on the road easily. SanDisk also makes an Enterprise version of the Cruzer (1GB to 4GB, $75 to $185), which allows central management of passwords.

No matter how strong the encryption, security is only as strong as your password. Biometric devices are more stringent, allowing access only to authorized users. Apricorn's Aegis Bio portable drive (80GB to 250GB, $169 to $299) provides both a fingerprint reader and 128-bit AES hardware encryption, and LaCie's SAFE Mobile Hard Drive with Encryption (160GB, $220) combines fingerprint access with 128-bit DES. Both devices allow up to five users.

Leave No Trace: Go Virtual

SanDisk's Cruzer Professional and Enterprise offer self-contained encryption.
While encrypting the data on your portable drive is a good start and should protect your drive if it is lost or stolen, several potential security holes remain. First, as long as a drive is running, your files are unlocked, so they are vulnerable to malware and hacking through the host PC and any network to which you are connected. Second, programs you use may leave unwanted traces on the host PC, even after you've disconnected the encrypted drive. System virtualization software such as Ceedo Personal ($30), MigoSync Premium ($50), and RingCube MojoDrive ($99) can help plug those holes by limiting your applications and settings, as well as your data, to the portable drive--that is, they let you connect to a guest PC while replicating your personal environment and keeping your files off the host. All claim to leave no trace of you on the host computer after you sign off, and MigoSync and MojoDrive also encrypt your data in case you lose the drive itself. Ceedo works with optional add-on encryption software. Lexar's JumpDrive Lightning USB flash drive (4GB, $199) bundles both Ceedo and AES encryption.

Laptop Disks Get Encryption

Hardware-based encryption is also coming in internal laptop drives from Hitachi and Seagate. Dell's new Latitude D630 and D830 are the first notebooks to use Seagate's Momentus 5400 FDE.2 full-disk-encryption hard drive.

While not yet built into any laptops, Hitachi's Bulk Data Encryption option is available for all of its popular TravelStar hard drives. Since the data encryption functions work at the hardware level on these models, the performance impact is minimal, and you can make your data inaccessible instantly simply by throwing away the encryption key.
