USB Encryption Hideously Broken

I read recently that hardware-encrypted USB sticks have been shown to be easily circumvented.

So, how safe is your data? Do you even care?

These days I am no longer surprised by the sort of data people routinely carry around on their person. While this may not seem particularly unsafe, it may be wise to reflect on this: laptops are almost always stolen when they get moved. This is because people are not perfect – they forget and leave things unattended all the time.

You might think your USB key is extra safe, because it is ‘hardware’ encrypted, which we all know is the best – but is it?

This article clearly demonstrates that security isn’t something you can buy – it is a state of mind.

All sorts of vendors make huge claims for the security of their products, but when it comes to encrypting data, these claims can be very difficult to verify. Much worse, these devices were given the ‘all clear’ by being certified as FIPS 140-2 compliant, which is a NIST security standard – any non-security expert is going to read this as some kind of guarantee.

So, what can you do?

Bruce Schneier (industry expert) wrote an essay on how to tell the good from the bad, but as you can see, it’s not for the faint-hearted!

As for me, I put Mr. Schneier’s essay to the test and reviewed many of the available encryption packages. To this day I have yet to find a better solution than TrueCrypt – though I do not endorse any products – TrueCrypt does appear to check all the boxes. (Within the corporate enterprise, though, I would probably choose SafeBoot – BitLocker is OK, but SafeBoot is easier to manage in the enterprise.)
