Removable storage devices, such as USB Flash memory and portable hard drives, have become so commonplace that it’s hard to remember that there was a time you couldn’t so easily walk around with gigabytes (or even dozens or hundreds of gigs) of storage tucked into a pocket or purse. While the data mobility that this kind of storage affords can be a huge boon to productivity, it can also put information at serious risk given how easily the devices can be misplaced, lost, or stolen.

While there’s little you can do to prevent a storage device from going missing, you can mitigate the risk to the data on it through encryption (typically 128- or 256-bit AES) so that anything sensitive or confidential will be protected should an errant device fall into the wrong hands. In fact, depending on the nature of the information you’re dealing with, it may be subject to laws or regulations that oblige you to keep it secure.

Fortunately, there are plenty of options for secure portable storage; here are some important things to keep in mind when considering one.  

Protection for existing storage devices

If you’re already heavily invested in ordinary removable storage, third-party encryption software can help protect those existing devices.  If you have Windows 7 Ultimate or Enterprise edition, for example, you can use the built-in BitLocker to Go feature (though pre-Windows 7 systems only give you read access), while the free and open-source TrueCrypt is a good OS-independent option that’s available for Windows, Mac, and Linux. (For details on how to use TrueCrypt, see articles here and here.)

There are also a number of commercial encryption software products that will secure garden-variety storage devices, including SafeHouse from PC Dynamics, and BitArmor Managed Encryption, a hosted service.

Benefits of hardware-based encryption

Notwithstanding that you need software to encrypt storage devices you already own, opting for new hard/Flash drive devices with native hardware-based encryption, such as Seagate’s BlackArmor PS 110 or the Kanguru Defender Pro, can provide some important benefits. First, they’re less susceptible to compromise by malware since encryption is performed on a chip rather than by an application (which can be vulnerable to weaknesses of a computer’s operating system).

Moreover, hardware-based encryption tends to provide faster encryption/decryption and better overall system performance since it doesn’t rely on the processing resources of the host computer.

OS support and authentication options

Many hardware-encrypted storage devices still require a software device driver and/or utility in order to mount the drive and verify a password before unlocking it, so if you plan to use a device with multiple operating systems, be sure its software, if any, provides cross-platform support. 

Some devices, like the Corsair Flash Padlock 2 and Lenovo ThinkPad USB Secure Hard Drive (pictured, below), eliminate the need for software by allowing you to enter a PIN or password directly into the device via an integrated keypad. Others like the Kanguru Bio AES or Apricorn Aegis Bio incorporate biometrics for two-factor authentication—a password plus a fingerprint scan—but do require software to register fingerprints.

Device safeguards

When a storage device goes AWOL, you’re not likely to ever see it again, so it’s important to know what happens if and when an unauthorized person tries to access it. To protect against brute-force password attacks, secure storage devices will generally lock up—at least temporarily—after several failed logins, but some can be configured to automatically wipe data after a given number of bad login attempts. Furthermore, some devices are designed to thwart physical tampering, or, like IronKey’s D200/S200, to detect it and self-destruct if the storage media is removed from its enclosure.

What if it’s not the storage device that gets lost, but rather the user’s password? Choosing a device that supports both user and administrator access will enable you to recover the data; otherwise, you may have to wipe the data yourself to reuse the device.

Remote management

If you plan to deploy a large number of secure storage devices, you may want to consider those that offer an option for centralized remote management. Product add-ons or upgrades like the Kanguru Remote Management Console or IronKey Enterprise will allow you to audit device activity and location, modify passwords and policies, or remotely wipe the contents of a missing device.

Interface and media options

Flash memory and hard drives with a USB 2.0 interface are the most common types of secure removable storage, but there are also some higher-performance alternatives like the Lenovo ThinkPad eSATA/USB 500 GB Secure Hard Drive, Seagate’s BlackArmor PS110 USB 3.0, and the Super Talent SuperCrypt USB 3.0. Apricorn’s Padlock is also available in an SSD version.

Joseph Moran is a veteran technology writer and co-author of Getting StartED with Windows 7 from Friends of Ed.