I've had my hands on what is being described as the 'most secure hard drive ever made' for a while now. Such are the advantages of being a well known reporter on all things security I guess, I get to play ahead of the crowd. As the first journalist to get hold of one of the diskAshur Pro 2 drives from iStorage, I have been able to put it to the test in time for the press embargo being lifted today.
I have, of course, long recommended that portable data should be encrypted. It is seriously stupid not to do so, given the risk of loss whether through misplacing a device or it being targeted for theft. For most people, this means using encryption software to protect the data not the drive. Hardware encryption ups the ante just a tad as there's no software to backdoor, no chance of accessing the drive first and so get time to play with the data within.
It should come as no surprise to discover that I have had one of the original diskAshur PRO devices in my kitbag for some time, and a hardware-encrypted flash drive on my fob for good measure. But whereas the original was really secure, the new model is goddamn batshit crazy secure. And then some.
For most readers I will hazard a guess that such a drive would be overkill. Indeed, it's not aimed at most people; this is a drive for those organisations and individuals who are truly serious about data privacy. Especially those who have a regulatory need for such paranoia, but really anyone who wants to be as sure as they can be that their data cannot be hacked.
iStorage has a bit of a marketing slogan going for this drive of 'without the PIN there's no way in' which is asking for trouble you might think. I think it might just have a point. The Enhanced Dual Generating Encryption (EDGE) technology comes complete with a Common Criteria EAL4+ ready secure microprocessor. What does that mean? Basically that you get built-in physical protection mechanisms to defend against external tampering which can, apparently, withstand 'laser attacks' and fault injection methodologies.
Any attempt to break into the device (the internal components are encased in a layer of epoxy resin so tough that breaking it without breaking the components is a very hard ask) kicks off a deadlock frozen state that in turn makes those useless from then on. The drive needs to be disconnected, reconnected and powered-on in different ways before any more brute force attempts can be made. Three groups of five PIN entry attempts are allowed, requiring a specific code to be entered before the final five can be tried. After that the drive will delete all admin and user PINs, delete the encryption key and the data. Gone. Period.
Needless to say, all the authentication parameters are encrypted and physically protected by the microprocessors' memory encryption (scrambler) and access control schemes for good measure.
I like that the PINs and encryption keys are always encrypted at rest. I like that the epoxy coated PIN pad is responsive as well as being durable. I like that PINs must be between 7 and 15 digits, with a shift parameter counting as a distinct value. I like that you cannot use all sequential numbers, nor all repeating numbers, for either admin not user PINs. I like that an admin can setup separate user PINs without compromising the security of the device, or the data upon it.
I like a lot about this thing, truth be told. Stuff like how it locks down automatically when ejected from a host device or when the lock key is hit or after a pre-configured period of inactivity.
I like the real-time military grade AES 256-bit XTS full-disk hardware encryption validated to FIPS PUB 197. That means no software to be concerned with, no drivers to worry about. I like drives that are platform and device agnostic, that I can throw at a Windows machine just as readily as a Mac, Linux or Android one. I like all the reassuring certifications and validations that iStorage has, or is in the process of acquiring, for this thing. I like that it is, I am told, fully GDPR compliant. Readers in the EU will be pleased to hear that one as well, given the legal and financial implications of storing portable data on something that isn't as from spring next year.
I even like the form factor: 124mm x 84mm x 20mm and weighing in at 225g with a light but protective carry-case included. It's a USB 3.1 drive, and the hardware encryption doesn't slow it down any.
So what don't I like? Well, if I'm honest, I would prefer something packing a SSD and not 'spinning rust' as I perhaps unfairly call an old-fashioned hard drive. At least the WD Black 2.5" hard drive within is well-regarded and has a good durability record. Indeed, iStorage are throwing in a two year warranty as standard, which speaks volumes. That said, SSD versions are also available but will come at a higher price premium of course. So a 512GB SSD drive would set you back £429 instead of £209. These 7200rpm SATA 600 drives offer decent value for money, and that's important. Which you might think is odd, as you can buy one standalone for around £50 here in the UK at the lower end (500GB) of the capacity range. What you are paying for here is the assurance of those additional layers of tested security.
And, finally, what will you need to pay for all this then? In the UK the 500GB version has a recommended price of £209, with 1TB at £269 and 2TB at £329. For EU and US pricing please refer to the iStorage UK website which will be announcing distributors and resellers for these markets in due course.
Does that make this a must have purchase, good value or something to consider? That all depends on just how valuable your data, and privacy, are to you.