Review: An Ultra Secure Flash Drive for Remote Workers
For organizations looking to maintain data security amid the work-from-home movement, Tom Fenton reviews the 16GB datAshur BT flash drive, which can be unlocked via Bluetooth from a cell phone, and, more importantly, has remote management functionality for enterprise use.
Work from home (WFH) initiatives have many challenges, and chief among them is data security. Although we can try to minimize security risks by using virtual desktop infrastructure (VDI) to store corporate data in a secure location, the reality is that not all workers are ideal candidates for VDI. For example, not all locations where a user might conduct remote work will have reliable networking. Sure, there are ways we can try to mitigate "data leakage," such as locking down remote laptops, but this can be difficult, if not impossible, if the laptop is a personal device.
To solve the problem of secure data for remote workers, iStorage has just released a line of datAshur BT flash drives. I looked at the diskAshur PRO2 Portable Hard Drive earlier this year and was impressed with its build quality and security features.
In this article, I will be looking at the 16GB datAshur BT flash drive. What distinguishes this flash drive is that it can be unlocked via Bluetooth from a cell phone, and, more importantly, has remote management functionality for enterprise use.
Below are the iStorage datAshur BT specifications:
All data on the drive is encrypted in real time with AES-XTS 256-bit encryption. This is performed by a hardware encryption module certified to the FIPS 140-2 Level 3 standard, which meets the US government security standard for data encryption. It has hardware safeguards to defend against external tampering, and if it detects any attempt to get into the case or tinker with the USB, it will trigger a deadlock frozen state -- at which point the data on it will become inaccessible. Internally, the device's components are contained in epoxy to prevent any tampering, which has the added benefit of making the device waterproof.
The device has green, blue and red LED lights on it to indicate its status: locked, connected to the app and/or transferring data, or in self-test mode.
The device is unlocked using the datAshur BT app. You can authenticate to the app using a 7-15 character password or biometric unlock (i.e., face ID/recognition, touch/fingerprint ID and iris scanning). It also has many interesting security features, such as Remote Wipe in the event the drive is lost or stolen. The Step-away AutoLock feature will lock the drive when the iOS/Android device is moved approximately 5m away from the drive for longer than five seconds. Inactivity AutoLock protects against unauthorized access if the drive is unlocked and inactive for a pre-determined period of time (between 1 and 60 minutes). Moreover, if you enter the wrong keycode more than ten times, the drive will be erased and a new password will need to be created before it can be used again. iStorage has designed the device to meet most enterprise security requirements.
The drive comes in plastic clam shell packaging and includes a quick start guide.
To work with my device, I first made a note of the device ID printed on the back of the drive, and then connected it to my laptop.
I made sure that Bluetooth was enabled on my Android smartphone, and then I downloaded, installed and opened the datAshur BT app. When I downloaded the app, I also saw BT Managed and BT Admin apps available.
I clicked datAshur BT, entered the device ID, and clicked OK. After a few seconds, the device initialized. I clicked the Red Padlock icon and entered the default password (11223344) for the device.
At this point, the app showed a green padlock to indicate that the device was in Unlocked mode.
I clicked Change Password, entered the old password and then entered a new password of my choosing.
My laptop showed the device, just as it would any other drive, and I could read and write files to it without any issues.
I then enabled the Drive Password Recovery service, which will send a recovery code as an SMS text message and enable me to set up a new password if I forget the old one. I did not enable the Remember Password feature, which would unlock the device without the need to enter a password (this would violate my company's security policy). If I were in a secure location, however, this would be a useful feature.
I set the Inactivity AutoLock feature to 40 minutes, so if the device were not used for that length of time, it would lock. I tested this function and it worked as expected.
I enabled and tested the Step-away AutoLock feature by walking out of the room for a brief period of time and returning, after which point I needed to unlock the device using the app.
Because my company requires 2-factor authentication, I enabled this setting. After doing so, every time I attempted to unlock the device, an SMS text message with a random confirmation (security) code would be sent to my smartphone, which I would need to enter on the app before the device would unlock. I tested this by locking and unlocking the device, and it worked as expected.
The final feature I set was Remote Wipe, which will allow the device to be wiped when it connects to ANY other datAshur BT account. In other words, if the device is lost and someone else downloads the app to their phone, the device will be wiped when they try to pair it.
The features mentioned above make the device very secure for personal use, but the drive can also be used with the web-based iStorage Remote Management Console (RMC), which allows the administrator to control where and when the drive can be accessed with geo- and time-fencing, and provides basic management features, such as Remote Wipe, Remote Unlock, Change Passwords and Disable Access. These are security features that enterprises might find appealing, even if not officially required by their corporate governance. Note: iStorage does charge for this additional functionality.
This works with the same drive; you just use the datAshur BT Admin app rather than the standard (personal) datAshur BT app to configure the drive. I didn't set this up, and took the following screen captures from the datAshur BT RM Admin Guide.
The basic process of initial configuration for a remotely managed device is similar to that of the standard personal app, but the Admin app allows you to turn on the RM Enforced feature. Using the Admin app, you can set the global settings for all the devices that you will be managing.
Once a device is registered using the RM Admin app, the web-based RMC can be used to manage the device.
The RMC can be used to create new users for the device; they will be sent an e-mail containing their username and temporary password, and a download link for the datAshur BT Managed app. Furthermore, administrators can see where each device is, and can set up time and allowed location policies.
The end user's app, on the other hand, will only have a limited subset of options.
If an incorrect password is entered more than 10 times on a device, it will be wiped.
The RMC can be used to invoke the Admin Remote Wipe, Change Drive Password and Admin Remote Lock features.
With the recent global trend toward remote work, enterprises are in need of innovative solutions to allow secure user access to data. iStorage has been at the forefront of this trend, and their latest product, the iStorage datAshur BT, is well-built and has many novel security features. The device, while expensive, succeeds at providing a secure place for remote workers to store their data.