New Hardened Thumb Drive Self-Destructs When Breached

IronKey's new S200 includes strong encryption, anti-malware controls, and security policy management
IronKey has developed an ultrasecure, hardened USB thumb drive that self-destructs when its tamper-resistant controls are disturbed.

The new S200 device, which also uses hardware-based AES 256-bit strong encryption and includes anti-malware scanning and security management features, meets one of the federal government's highest security specifications, FIPS 140-2 Level 3, for storing top-secret data.

"FIPS 140-2 Level 3 basically addresses tamper resistance and is more often associated with high-confidence hardware in the data center, such as hardware security modules, than with removable media," says Scott Crawford, managing research director at Enterprise Management Associates. "FIPS validation to this level speaks to IronKey's commitment in this domain."

The S200 is wrapped in a hardened metal casing that protects the cryptographic and memory chips from tampering or physical access. IronKey also provides some anti-malware protections to the USB drives -- it locked down the risky AutoRun feature on the USB drive to prevent worm infections (think Conficker) and provides a read-only mode for further protection. IronKey also offers optional anti-malware scanning, as well as a cloud-based management service that handles security policy enforcement and malware signature updates. There's also an enterprise management server option for organizations that want to host their own management operations for the drives.

"This storage device is more secure than a hard drive on a laptop. If it's tampered with, the data is destroyed, and it disintegrates," says John Jefferies, vice president of marketing at IronKey. "The big news is that it's FIPS 'tamper-evident' [design-compliant] and physically hardened with strong key management. And you have 256-bit encryption for storing top-secret [data] at the highest NSA levels."

Self-destruction features aren't new to storage devices, however. "Self-destruct, or phone-home and self-destruct capabilities, have been standard on disk encryption products from folks like Check Point (Pointsec), Sophos (Utimaco), Credant, and McAfee (SafeBoot) for years," says Nick Selby, CEO and co-founder of Cambridge Infosec, a security consultancy in New York. "The concept is nice, though if the data is properly encrypted, the 'poof!' effect is good and redundant."

IronKey says its target customers are obviously the federal government, but also enterprises, such as financial institutions.

"I think there is a ripening market for secure USB drives. It is not going to take the world by storm overnight, but there really aren't secure alternatives to 'glue-in-port,'" says Pete Lindstrom, research director for Spire Security.

The S200, which comes in sizes from 1 gigabyte up to 16 gigabytes of storage, is priced from $79 to $299. IronKey will begin shipping the device in early August.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Editors' Choice
Jai Vijayan, Contributing Writer, Dark Reading
Kelly Jackson Higgins 2, Editor-in-Chief, Dark Reading