The Gadgets Page

December 4, 2008

Review: SanDisk Cruzer Enterprise

Filed under: Computers and Peripherals — Matthew Strebe @ 5:50 pm

The SanDisk Cruzer Enterprise is a new entry in the “Secure Flash Drive” market currently dominated by IronKey. Like IronKey, SanDisk Cruzer Enterprise provides on-board data encryption to ensure that nothing you store on the device will be compromised if you lose it. For individual users, this is all the security you’ll probably ever need.

Secure Flash Drives work by emulating two devices: A CD-ROM and a flash drive. The CD-ROM contains software that allows you to provide a secret key to decrypt the flash drive contents, and this allows the flash drive to appear as a removable device.

SanDisk Cruzer adds Enterprise management features that allow network administrators to manage passwords for these USB drives centrally and remotely disable them in case they’re lost. IronKey, on the other hand, simply bricks the device if you enter the wrong password more than ten times. Both are effective at preventing data loss.

SanDisk markets this as an “Enterprise” product, meaning that they specifically target large businesses. Enterprises have two masters to serve: The individual user, and the security policy of the corporation. These devices serve the individual well, but they don’t measure up to Enterprise security requirements.

SanDisk Cruzer Enterprise flash drives cost about the same as IronKey devices, and provide a similar technical feature set. Unfortunately, SanDisk Cruzer Enterprise flash drives are not Macintosh or Linux compatible (the IronKey is Mac compatible) and unlike the IronKey, the SanDisk is made of plastic and can be easily disassembled. Performance is lackluster with the SanDisk, reading at 11MB/sec and writing at 6. IronKey devices are substantially faster.

As for security flaws, there are two possible attacks that these devices are susceptible to: Firstly, if the device remains powered after being unlocked, it will continue to provide access to data even if it is removed to another running operating system. In practice, this is so difficult to achieve that the attack is esoteric, but you can confirm it by unlocking the device in a virtual machine and then disconnecting the device from the VM. The device will mount on the host with its encrypted drive available (even on a Mac or Linux).

The second possible flaw is that because the key exchange is provided via the computer’s keyboard, a hardware or software keylogger can intercept it. The ideal solution would be to have a biometric fingerprint reader on the USB device so that the key needn’t travel through the computer. This would also make the device universally compatible.

There are three major enterprise security problems with USB drives, and these devices only solve one of them. The three problems are:

  • Accidental loss of data due to loss or theft of device.
  • Intentional copying of data by employees or others with direct access to computers.
  • Introduction of malware via documents or applications stored on the flash drive.

The first problem is eliminated by secure flash drives, but the second and third problems are both more likely to occur. The Department of Defense recently outlawed all USB flash drives due to a worm outbreak that was carried into the network on a secure flash drive—the worm came from a home computer and was encrypted just like everything else on the drive. The drive did its job—but it was the wrong job.

Both IronKey and SanDisk tout enterprise management features as though they completely eliminate all security problems, but nothing about these devices prevents documents that an employee can access from being removed from the facility without permission, nor do they provide any substantial facility to mitigate malware that might be contained on the device. Finally, they don’t prevent the employee from simply using a different non-secure flash device to circumvent the security measures that these devices do have.

Both SanDisk and IronKey are guilty of whitewashing enterprise security issues that their devices don’t solve. These devices provide “opt-in” security—users who allow themselves to be restricted by their features can be managed, but anyone can “opt-out” by simply using a different device.

The only way to securely manage removable media is for the computer to reject any media that has not been securely paired to the network, which is functionality that no device by itself can ever provide.
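A sketch of that host-side decision, added here as an illustration and not taken from the original review or from any vendor's product: the computer refuses every mass-storage device unless the network has enrolled it. The HMAC-based pairing tag, the key, the policy table and all device IDs and serials are assumptions constructed for the example.

```python
import hashlib
import hmac

MASS_STORAGE = 0x08  # USB interface class code for mass storage
NETWORK_KEY = b"constructed-demo-key"  # assumption: held by the management server

def pairing_tag(vid, pid, serial, key=NETWORK_KEY):
    """Tag issued at enrollment (hypothetical scheme, not a vendor API)."""
    msg = f"{vid:04x}:{pid:04x}:{serial}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def decide(event, policy, key=NETWORK_KEY):
    """Default-deny decision for one device-attach event."""
    if MASS_STORAGE not in event["classes"]:
        return "allow"  # this policy governs removable storage only
    ident = (event["vid"], event["pid"], event["serial"])
    tag = policy.get(ident)
    if tag is None:
        return "deny"  # never paired: the "opt-out" drive is refused
    # A policy row added locally without the network key fails here.
    ok = hmac.compare_digest(tag, pairing_tag(*ident, key=key))
    return "allow" if ok else "deny"

# Constructed sample data: IDs and serials are made up for illustration.
PAIRED = (0x1234, 0x0001, "SECURE-0001")
FORGED = (0x1234, 0x0002, "HOME-0002")
POLICY = {PAIRED: pairing_tag(*PAIRED), FORGED: "0" * 64}

EVENTS = [
    {"vid": 0x1234, "pid": 0x0001, "serial": "SECURE-0001", "classes": [0x08]},
    {"vid": 0x5678, "pid": 0x0009, "serial": "UNKNOWN-9", "classes": [0x08]},
    {"vid": 0x1234, "pid": 0x0002, "serial": "HOME-0002", "classes": [0x08]},
    {"vid": 0x9abc, "pid": 0x0003, "serial": "", "classes": [0x03]},  # HID keyboard
]

def run_demo():
    """Verdicts for the constructed events, in order."""
    return [decide(e, POLICY) for e in EVENTS]

if __name__ == "__main__":
    for e, verdict in zip(EVENTS, run_demo()):
        print(f"{e['vid']:04x}:{e['pid']:04x} {e['serial'] or '-':12} {verdict}")
```

The vendor, product and serial values are reported by the device itself, so this check identifies a drive without authenticating its hardware, and it does nothing about malware carried on a drive that is paired.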

For individuals looking to protect secrets, these devices are fine, but the IronKey devices are better than the SanDisk devices in every respect. There is no flash drive that is ready for Enterprise data security in my opinion, so the additional network management features provided by the SanDisk Cruzer are basically meaningless—and could be considered harmful if IT has been convinced that they are secure in all respects or has overlooked the fundamental problems associated with all removable media.

If you’re looking for real enterprise data security, don’t allow removable media drives on your network at all.

(c) 2003-2017 Michael Moncur, Laura Moncur, Matthew Strebe, and The Gadgets Page