The easiest way to secure your USB thumb drive is to use hardware based encryption, these secure USB flash drive will cipher every single bit of data stored in them and are trouble free to use for users, there is no learning curve.
However, just because you are using encryption it does not mean you are safe, you will need to make sure that nobody can crack it, choose an USB thumb drive with no backdoor encrypted with a well known attack resistant algorithm like AES (Advanced Encryption Standard) and if you are going to use it in a business environment choose a FIPS (Federal Information Processing Standard) certified thumbdrive.
Benefits of hardware based encryption
- Hardware encryption is faster than software as you are not using computer resources
- Hardware encryption is shielded from malicious code targeting encryption software
- Hardware encryption does not normally require you to install drivers or administration rights
- A malicious hacker will need physical access to the device to crack it
- Hardware based encryption requires very little training to use it
Disadvantages of hardware based encryption
- Your encrypted USB flash drive can be stolen or misplaced and you will lose all the data
- Hardware based encryption might not have been scrutinized as much as open source encryption
- Hardware based encryption does not allow for scalability, i.e. increasing encrypted container size
USB flash drives using hardware encryption
Kanguru Defender Elite: Safe to be used in Government and Health environments, HIPAA, SOX and GLB compliant, it uses hardware based AES 256-bit encryption, operating system independent, FIPS 140-2 certified, its case is tamper and water resistant filled with epoxy.
Gemalto SmartGuardian: FIPS-140-2 level 3 certified personal security device, designed to meet the U.S. Government DAR program security requirements, metal casing is water and tamper proof, USB thumb drive solution designed for businesses.
Corsair Flash Padlock: It uses customizable 4-10 digit personal identification number to lock and unlock the encrypted USB flash drive, AES 256bit encryption secured, hacking detection locks device for 2 minutes after 5 failed PIN number attempts.
IronKey: Encryption keys are kept on the chip and never passed to memory, Imation IronKey uses AES 256-bit encryption in CBC mode, security level 3 FIPS 140-2 validated, tamper resistant designed hardened with epoxy compound encasing the chips, available for Mac, Linux and Windows.
CE Secure Vault: Hardware encrypted flash drive secured with AES256 in CBC mode certified FIPS-140-2, it will work on any computer OS without having to install drivers, it includes a virtual keyboard to beat keyloggers, when the wrong password is entered multiple times there will be a time out to stop dictionary attacks, if the thumbdrive is left behind it will automatically lock with an adjustable timer lock. The case is epoxy sealed and waterproof.
Super Talent SuperCrypt Pro: Hardware based USB flash drive encryption supporting USB3.0, with 64MB Cache, SuperCrypt Pro uses 256bit AES encryption in XTS mode, encryption key is stored in hardware and never passed on the USB or system bus and it has a secure erase feature.
Lexar JumpDrive S3000: Enterprise class USB flash drive, FIPS 140-2 Level 3-validated by the National Institute of Standards and Technology and AES 256-bit hardware encryption with resistant waterproof USB metal case.
Verbatim Store ‘n’ Go: Retractable USB Connector with no cap to lose, using 256bit-AES hardware encryption, enhanced for Windows 7/Vista ready boost, it meets meet FIPS 140-2 Level I requirements for cryptographic modules.
Kingston DataTraveller Vault: Waterproof ruggedized aluminium case with enterprise grade security using hardware based 256-bit Advanced Encryption Standard (AES) encryption in Cipher Block Chaining (CBC) mode.
Patriot Bolt: Consumer oriented USB thumbdrive with built-in with hardware based 256-bit AES encryption & 512-bit RSA engine for user authentication. The drive locks down and reformats after the password is consecutively entered incorrectly 10 times.
Centon DataStick Secure: Consumer focused USB thumbdrive using AES 256bit hardware based encryption, LED access indicator and swivel cap.
Aegis Secure Key: Fully encrypted with hardware AES256bit in CBC (Cipher-Block Chained) mode, the password is comprised of 7 to 15 alphanumeric digits that are entered with a keypad, flash drive is platform independent it works on any OS without having to install drivers or needing administrator rights, the enclosure is made of aluminium and sealed with epoxy dust and water resistant. To stop brute force attacks, if an incorrect password is entered a total of 10 consecutive times the encryption keys and data will be automatically destroyed.