The Spyrus PocketVault P-384 is the first commercial release of the company's secure, encrypting USB technology. The crypto is cool but this first release seems a bit thin when it comes to added extras like backup to make sure that secure mobile data stays around.
Spyrus has entered the commercial USB encrypted drive fray girded
with an encryption algorithm that is more sophisticated than competing
The PocketVault P-384 uses elliptic curve cryptography as put forward
by the NSA (National Security Agency) called "Suite B." Suite B
algorithms are published for use in protecting classified and
unclassified data that must be shared between agencies. Aside from
anything else, the PocketVault is certified as a FIPS 140-2 Level 3 USB
Spyrus is hanging its hat on the relatively stronger Suite B
cryptographic protection that uses a newer AES-XTS 256-bit full disk
encryption rather than the more widely used AES-CBC code. Even so,
tests of this first-version release at eWEEK Labs showed that while the
PocketVault is simple to deploy and deft at keeping data secret, there
is sparsity of supporting tools for the mobile data product.
The 8GB PocketVault P-384 is available now and costs $129.55 with volume discounts available.
For example, competitor IronKey also makes an 8GB, FIPS 140-2 Level 3
USB encrypting drive designated the S200. The personal version lists
for $199 and comes with private browsing and password management, in
addition to a number of physical protection mechanisms. The enterprise
version of the S200 adds a suite of provisioning, remote wipe and
backup tools. Spyrus makes the Spyrus Enterprise Management Suite but
does not provide an online backup tool for the PocketVault.
All of the software needed to run the PocketVault on Windows and Mac
systems is included on the USB drive itself along with the user guide.
The basic operation of the PocketVault is similar to other secure USB
drives. Double clicking the launch icon opens a password screen. On
first use I created a rather complex password and provided a hint that
could be used in the future to jog my memory. While the hint screen
didn't let me use my exact password as the hint, I was disturbed to see
that simply changing the case on the letters and substituting the
number "1" for an "!" was enough of a change to leave my real password
pretty well exposed. Of course, a user who leaves this many hints
likely shouldn't be entrusted with sensitive data. However, I expect
security tools to make it harder than the PocketVault did for users to
do the wrong thing.
Once the PocketVault software was running on my system, a second
encrypted, secure drive appeared on my computer explorer. I was able to
open this directory, copy files and close out the drive to securely move
files between systems. Spyrus did a good job of ensuring that the
encrypted drive was disabled when I put my test Lenovo W510 laptop to
sleep. For my tests, I allowed the PC to wake up without requiring a
password. Even in this case, the PocketVault successfully deactivated
the encrypted drive, forcing me to restart the PocketVault and re-enter
my password to access my encrypted files.
As with other secure, encrypting USB flash drives, the PocketVault has
a number of physical, anti-tamper security devices that automatically
lock out access if a forced entry is detected. This includes casing
around the drive components. The PocketVault can also use optional
antivirus protection from McAfee to block malware entry onto the drive
although I would prefer an option to start the encrypted drive in
read-only mode to ensure that malware can't be loaded on the drive.
Additionally, if the PocketVault detects more than 10 failed password
attempts, the device will permanently block itself.