Centrally Offered Encrypted USB Drive Solution
March 2, 2017
Overview
USB drives are extremely useful devices for transferring data between computers and users. However, that convenience comes with a large amount of risk and placing University data on an unencrypted USB drive can have significant consequences if that device is lost or stolen. Those consequences could include financial, business, or reputational impact to the University.
The CCS Information Security team is pleased to announce that we can now offer a centrally supported encrypted USB solution to campus to address these concerns.
After evaluating several secure USB device options, we recommend the following products:
- Aegis Secure Key USB drives for sensitive data with the added benefit of central management, and
- Kingston Data Traveler Vault Privacy keys for less sensitive information.
Details
CCS Information Security has created a two-tier solution for encrypted USB drives based on the University's Data Storage Guideline:
Tier 1 - Aegis Secure Key and Fortress Portable Drives
For storing sensitive data where the University would require maximum security and central management, we recommend the use of the Aegis Secure Key 3.0. These devices are the most secure option as they offer AES hardware encryption and data can only be accessed after typing in a PIN on a physical keypad on the device. The units allow for an administrative user (CCS InfoSec) as well as a regular user. If a user forgets their PIN, CCS InfoSec can reset it for the user. As well, if a device is lost and returned to CCS we can determine the correct owner. These devices can also be used in read-only mode so that they can be used in public computers with no danger of being infected with malware.
Tier 2 - Kingston Data Traveler Vault Privacy 3.0
As a second tier option, Kingston offers the Data Traveler Vault Privacy devices that utilize software encryption and are completely unmanaged. Upon plugging the device into a system the user is required to enter a password of their choosing before being able to access the data. There are no management capabilities for these devices and a lost or forgotten password will result in complete data loss. As such, these devices are not recommended for storage of confidential data.
|
|
Approximate Cost |
Public Data S1 |
Internal Data S2 |
Confidential Data S3 |
Restricted Data S4 |
|
Aegis Secure Key |
30GB = $180 |
|
|
|
|
| Aegis Fortress Portable Drive (Link) |
500GB = $255 |
|
|
|
|
|
Kingston Data Traveler Vault Privacy |
8GB = $40 |
|
|
|
|
Ordering and Deployment
For Aegis Secure Keys and Portable Drives, CCS Information Security will place the order on behalf of the client using their supplied GL code. Orders will be shipped to the InfoSec office so that the admin PIN can be applied and securely stored prior to delivery to the customer.
Kingston Data Traveler Vault Privacy devices do not have central management capability, and therefore customers can order and procure these themselves through the vendor of their choice. They are available through several online and retail vendors such as Best Buy and Staples. It is important to note that Kingston brands several types of USB storage devices under the Data Traveler brand, so customers need to ensure they are purchasing the Vault Privacy (DTVP30) version.
Requests or questions can be submitted directly to the CCS Information Security team (infosec@uoguelph.ca).
Written By: CCS Information Security
Updated: March 27, 2019