Hitherto sold for capacity and sometimes portability, external hard drives are now turning into box fortresses for data. Currently, this means adding some form of ‘transparent' encryption, speeded by a built-in crypto chip to offload some of the heavy mathematical lifting from the PC. There are only a handful of such drives on the market right now, but the day is beckoning when more or less every external drive will come with some form of security (read: encryption) system to guard its contents from prying eyes.
From out of left polder, Dutch storage vendor Freecom has suddenly come up with a totally different security concept for external drives based on plastic RFID swipe cards. Instead of encrypting the entire contents of the drive, the company's new Hard Drive Secure encrypts a fixed access key on a token card which must be moved in front of the drive each time it is powered up in order to access the data.
No card, no access to data on the drive, which comes in capacities from 500GB to 2TB. The drive remains ‘locked' until either the primary or backup cards is presented to it. If both cards are lost, it is possible to get new ones from Freecom but the drive itself will have to be re-initialised, a process which formats and loses all data stored on the drive.
Freecom hasn't been especially open as to how this ‘unlocking' process works, but we assume that the RFID instigates AES-128 bit decryption of a small hidden partition, which in turn allows the drive to be accessed by Windows (it also supports the Mac). Without access to that partition, the data on the drive cannot be accessed short of opening up the drive in a data recovery lab, so there is a reasonable level of security being used here however unorthodox it sounds.
This is not as theoretically secure as full drive encryption, but Freecom's view is probably that this is not the sort of 100 percent guarantee that most drive users need. The average desktop user simply wants some assurance that while the drive is unattended, or if it is stolen, a criminal will not have access to its contents without going to some effort and expense to retrieve its contents.
A deeper question is why this design is better than just using encryption with a passphrase. As far as we can work out, there are probably two benefits.
The first is that the drive can be shared without having to pass on an access key, something which can compromise security in the long run - an authorised user is simply anyone with the RFID card. The second advantage is that there is guaranteed to be no encryption overhead as files are written to and from the drive. Once unlocked, the drive behaves like any other USB 2.0 hard drive.
The disadvantage is that either one of the supplied RFID cards could get lost or fall into the wrong hands, and have to be looked after.
By default the drive behaves like any other USB 2.0 drive under Windows XP/Vista/Mac OS X (it also works with Windows 7), appearing as a mass storage device. Adding the RFID security requires associating both primary and master (aka backup) cards in turn with the drive using a software utility. Once this has been completed, a red LED indicates that the drive is locked, a green one that it has been unlocked after moving the swipe keycard near the drive's front panel. The unlock event takes a second or two at most, after which it remains in an open state until either the drive or PC is turned off. There is no way for the drive to lock itself after a timeout, which would be an issue for some users.
The drive can be used with any number of different PCs or Macs, however.
Freecom ships the Hard Drive Secure with a number of basic backup and drive imaging software utilities, including NTI's Shadow, and a TurboUSB driver that claims to speed up performance which we didn't test.
Physically, the drive itself looks like any other desktop unit on the market, with USB or Firewire interfaces, depending on version, an ON/OFF switch and white, red and green LEDs on a blank front panel. The case is aluminium and fanless, which makes it silent in operation bar a barely audible drive hum.
The footprint is a bit larger than a CD jewel case, and quite bulky in the 500GB version. Clearly the case was designed with the need to accommodate Terabyte levels of storage, but two optional rubber feet allow it to be set up vertically to reduce the amount of space it uses.
Does it beat a self-encrypting external drive? For a single user, it is probably easier to remember a passphrase than an RFID card, so perhaps not. Weighed against that is the fact that the Freecom guarantees a conventional level of file read and write performance, an area in which none of the current crop of transparent encryption drives have proved themselves.
The other benefit is price, with the 500GB coming in under £100. An equivalent encryption model would undoubtedly cost more for the same capacity, and none of the current crop would go up to the 1 and 2TB mark as does the Freecom.
Where the Freecom might work best is in a small office where a drive needs to be shared among a small group of people and high capacity and performance are not compromises that are easy to make. In that setting, the Hard Drive Secure offers decent security without as many disadvantages as rival designs. Overall, we would recommend this drive over a conventional USB drive where any of the files being stored are of a confidential nature.