Vendors just won’t give up on encrypted USB drives. The cloud should have rendered them obsolete but somehow it hasn’t worked out that way. Despite some obvious drawbacks, many organisations still prefer to hand employees physical USB sticks rather than adopt cloud services that some (rightly or wrongly) believe come with insecurities of their own.
However, this corner of storage still requires lots of investment on tight margins which might explain why struggling Imation sold its IronKey division to Kingston Technology in February 2016 for an undisclosed sum. This came after Imation itself bought struggling IronKey in September 2011 in a bid to diversify away from what it believed were less exciting storage sectors.
Imation also bought out other firms in this space during that year, including McAfee, Encryptx and MXI Security. Given Imation’s current terrible state, the strategy clearly failed. The recent sale sounded desperate enough that IronKey was described in the press release as an “asset,” which has a whiff of distress about it.
We mention this in a review of Kingston’s latest DataTraveler 2000 encrypted USB stick because the acquisition of IronKey will almost certainly affect the future direction of this product line. Adding to the confusion, Kingston's drive has an iStorage logo printed on one end which makes clear that it is a re-badging of the UK company's datAshur line. If that is the case (we were unable to confirm it but assume this to be the case) then Imation's lineup might replace this product in time.
In effect, the DataTraveler 2000 is a rebadged iStorage drive that might at some point be ditched for whatever the purchase of IronKey from imaiton turns into - or perhaps not and it will be sold in parallel. We will amend this review when we have confirmation one way or the other.
The latest Kingston product uses XTS-AES 256-bit encryption in a PIN keypad design (licensed from a company called ClevX), the pros and cos of which we discuss throughout this review. The first advantage is that it can be plugged into any computer without the need for drivers. Rival designs based on drivers will work with Windows and Mac but the Kingston can in addition cope with Linux, Android and even Google’s Chromebooks.
The downside is the keypad itself. On sister title Techworld, we reviewed a cheaper version of the same iStorage DatAshur design and found it incredibly fiddly to use. Anyone with larger than average hands would struggle to enter a PIN let alone reset it, a major drawback. A reference customer for this drive is London Underground which started using 250 drives in 2015.
Based on the more expensive version of the datAshur, this product is much better. Entering PINs is easy with a good travel on the keypad so we’d have no reservations about the product on this score.
Kingston DataTraveler 2000 review – setup
Accessing the drive is as simple as entering the correct 7 to 15-digit PIN before the drive is plugged into the PC. This reveals another consequence of the keypad design; the drive requires an internal rechargeable battery to power the drive during this operation. Before the Kingston can be used for the first time, this has to be charged for a one-off period of 60 minutes. After that, simply plugging the drive into the PC for a few minutes should be enough to top this up.
Security: The second major advantage of entering the PIN before the drive is plugged into the computer is that it can’t be sniffed or keylogged by malware hiding on the host system. Unlike the passwords used on rival designs, the PIN never leaves the drive itself.
Changing PINs: The second task is to change the default PIN to something more secure by following a defined sequence of key presses. This can either be numbers alone or a mixture of letters and numbers (each PIN key can also be used to enter letters if it is pressed the required number of times). Obviously the more complex the passphrase, the longer it will take to unlock and the greater the chances of an error.
In use we found setting a complex password quite confusing and time-consuming because there is no feedback to let the user know that the wrong key has been pressed until it becomes obvious later that it hasn’t worked. It’s not insurmountable but it’s hard to see users wanting to set up passwords very often, something to be aware of.
For extra security, a timeout can be set of between 1 and 99 minutes after which the drive will ask for the PIN even when plugged into the PC. Otherwise the drive will wipe itself should anyone attempt to brute force the PIN after 10 consecutive attempts.
Kingston DataTraveler 2000 - conclusion
Organisations that prefer physical storage drives will find plenty to like in this drive and its design. The keypad is usable and the security on offer. Being able to use it with any computer regardless of platform will be a big plus for some customers. Physically, the hard plastic design inside a metal case seems robust.
The downsides are expense - this isn't a cheap drive by any means. Another question is whether Kingston will move to offering products based on the IronKey technology it recently purchased or stick with this design which is basically a re-badging of technology from UK firm iStorage. Customers might also prefer to buy it from that source.
Specification: 16GB, 32GB, 64GB USB 3.1 secure USB drive (135MB/s read, 40MB/s write, 32GB version); supports Windows 10, Windows 8.1, 8, 7 (SP1), Vista (SP2), Mac OS X v. 10.8.x+, Linux v. 2.6.x+, Chrome OS, Android. Uses ClevX DataLock technology, AES-256 encryption in XTS mode.
Price: £90 (16GB), £104.28 (32GB)
- Password/PIN can’t be keylogged by malware
- Multi-platform, requires no drivers
- Offers auto-lock feature
- Time consuming to set up for admins: central management options seem limited
- Initial setup is time-consuming
- No getting away from it. This is an expensive drive
- Unlike the iStorage datAshur, no FIPS compliance