Securing data is a difficult job as evidenced by the constant stream of data thefts, either from server breaches or stolen laptops. The latter is something iStorage is hoping to help prevent by building highly secure portable hard drives that can store sensitive data but be transported from desktop to laptop, from work to home, with a low risk of data theft, even if the device is stolen.
The company has several product offerings, and today I'm looking at the diskAshur PRO2, a USB 3.1 device that has met the rigorous demands of many highly-regarded security certifications, including FIPS 140-2 Level 3 validation through the National Institute of Standards and Technology (NIST).
The iStorage diskAshur PRO2 comes in six different storage capacities (between 500GB and 5TB) but otherwise lacks any customizations. For those who prefer solid state devices, there is a diskAshur PRO2 SSD model that is the same, except it comes with an SSD instead. In both cases, power is supplied via the USB port, so there are no external power adapters. The device works with any operating system, making it extremely flexible.
|500GB, 1TB, 2TB||124 x 84 x 20 mm / 4.9 x 3.3 x 0.8 inches|
|3TB, 4TB, 5TB||124 x 84 x 28 mm / 4.9 x 3.3 x 1.1 inches|
|500GB, 1TB, 2TB||225 grams / 7.9 ounces|
|3TB, 4TB, 5TB||331 grams / 11.7 ounces|
|Encryption||AES-XTS 256-bit Full-Disk Hardware Encryption|
|Data Transfer Speeds||Up to: Read 148MBps / Write 140MBps|
If you're worried about water and dust, the diskAshur PRO2 has an IP56 rating, which means you can't submerge the drive, but if you carry it out in the rain, you will be fine.
The drive ranges in price from £209 for the 500GB version, to £489 for the 5TB version. I was given the 1TB version to review, which retails for £269 ($375 at Amazon). It's available directly from iStorage, as well as at your typical retail locations such as Amazon, Insight, and CDW.
If you're looking for cheap and portable storage, but don't care about security, then there are far better solutions in the market for you that come in at cheaper price points. If you require your data to be secure, then the diskAshur PRO2 shines.
The first thing to note is that iStorage isn't just touting security features on their marketing slides: the company went out and received several highly regarded certifications, with the most impressive (in my opinion) being FIPS 140-2 validation through the United States National Institute of Standards and Technology (NIST). You can read about all of the requirements that FIPS 140-2 validation entails at the NIST website, but in a nutshell, reviewers look at everything from role-based access, the physical security of the device, cryptographic key management, EMI impact, and more. The standard has four levels, and the diskAshur PRO2 was validated at level 3.
In addition to FIPS 140-2 validation, the diskAshur PRO2 also has NLNCSA BSPA certification as well as NATA Restricted Level certification. It also is NCSC CPA rated, and meets Common Criteria EAL4+ (security and government both love their acronyms!).
After connecting the drive to a computer via USB, the drive is powered but is not in a readable state. The user must first type in a code on the provided keypad in order for the storage to be recognized via the operating system. I'm sure everyone's seen heavily used keypads with the numbers smudging off, a tip to what numbers are part of the code. As an extra security measure, iStorage coated the keypad itself in an epoxy to prevent key wear.
To prevent an attacker from creating a robot that can press all key combinations, after five incorrect codes, the drive must be disconnected from the USB port and then reconnected. After the next five failed attempts, the drive must be removed and the shift key pressed while being reconnected. Finally, if the next five attempts (for a total of 15) fail, the drive deletes the encryption key and locks itself, in essence destroying the data.
Since this is a physical drive that's carried around, what's to stop the bad guy from simply accessing the internal components directly? That's done by covering the internal components in an epoxy resin which, according to iStorage, "is virtually impossible to remove without causing permanent damage to the components. This barrier prevents a potential hacker from accessing the critical components and launching a variety of futile attacks." In addition, the design of the enclosure makes it easy to tell if the device has been tampered with, giving visual evidence of an attack should the drive be recovered.
During the review, I wasn't able to find a way to open up the enclosure to get to the physical drive without potentially breaking the enclosure as there were no screws holding the device closed. Even removing the rubber feet on the bottom of the drive didn't help as there was nothing but more plastic underneath them, and it was extremely difficult to get the feet back in, providing some measure of tamper evidence. While I could've broken the device to get into the guts, the fact that NIST has already validated the security means I didn't have to damage the diskAshur PRO2 myself.
To help prevent someone from walking off with the drive, you can attach a standard Kensington lock to the device.
The diskAshur PRO2 has the concept of both an admin account as well as a user account, each of which are activated based on the PIN entered to unlock the device. The admin account has full control over the device and can set things like PIN complexity rules, create user accounts, set the device to read-only mode, and the like. User accounts are generally made to simply read and (optionally) write data to the device. Using the device is as simple as plugging the diskAshur PRO2 into a USB port and typing the PIN of the user you want to login as.
The device can also be given a "self-destruct" code. If this PIN is created and then used, it will automatically wipe the encryption key and all of the data on the device when it's entered.
All of the settings are configured through the iStorage diskAshur PRO2's keypad. While this makes the drive platform agnostic, which is a great feature, it makes memorizing what buttons to change the features all but impossible. After the initial setup, all you'll need to remember are the admin and user PINs, but during the setup make sure you keep the handy manual that explains each of the features close by as you will be referring to it often.
All of those security features are worthless if the diskAshur PRO2 has terrible performance. I'm happy to say that, although performance wasn't amazing in my setups, considering everything is being encrypted on the fly, it was definitely good.
As with my NAS reviews, I created a RAM disk on my primary workstation, copied either one large 4GB video file or 4GB worth of MP3 files, and started copying the files to the diskAshur PRO2 and then from the device back to the RAM disk. Unfortunately, after running the tests I realized that because my workstation is older, it only has a USB 2.0 port, and the results suffered because of it. Copying the small files to the drive netted a whopping 23MB/s, and copying large files to the drive faired only slightly better, at 29MB/s. Flipping the direction showed a moderate improvement: copying small files from the drive to the workstation came in at 29MB/s, whereas copying large files resulted in a speed of 33MB/s.
To get a better idea of performance, I had to connect the diskAshur PRO2 to a laptop that had USB 3.1 ports. Doing this gave me between two and three times the performance, which was to be expected. Copying both small and large files to the drive showed speeds of 83MB/s, as did copying large files from the drive to the laptop. Where performance really soared was copying small files from the drive to the laptop, coming in at 109MB/s.
According to specs on the iStorage website, the maximum performance is 148MB/s (Read) and 140MB/s (Write), but I suspect that's the theoretical maximum and isn't something you will find in real-world usage.
While not everyone requires the high level of security that the iStorage diskAshur PRO2 provides, for those who want to work on data in the most secure manner possible, this device hits all of the marks and should be something you consider. Although many companies claim that their devices are secure, iStorage went the extra mile and had it independently validated; for me, the fact that it received FIPS 140-2 validation from NIST proves that it's a top-notch value because that's a difficult bar to reach. The only negative I could find with the device is the fact that it's impossible to memorize all of the key combinations to setup various features, so make sure you have the manual nearby.
Otherwise, because of the combination of highly secure configurations and the fact that you can use this device on any platform, I would not hesitate recommending the diskAshur PRO2 to anyone who requires encrypted portable media.