Would you carry secret data on a USB flash drive?

The problem with secure USB keys is that only works if the end user remember to bring the data along.

I just finished reviewing the 8GB Spyrus PocketVault P-384 encrypting USB drive.

The review process took a little longer than I would have liked because I lost the device for a day. In an effort to keep it in a place I could remember, I plunked it in the pen-and-pencil holder on my desk. Yep, it was safe alright.

In fairness, I never once worried that the encrypted data on the drive was in danger. I was sure the test files that I’d placed for safekeeping on the PocketVault would be pretty difficult to retrieve if the device had been truly lost.

The problem was that with the “loss” of the USB drive, I also no longer had access to my secure data.

Don’t get me wrong, I understand that some businesses still need end users to carry around super-sensitive data. And I understand that separating that data from the laptop by transporting it on a self-encrypting USB flash drive might add an element of protection. For those use cases, the PocketVault is on okay product. The problem with secure USB keys is that only works if the end user remember to bring the data along.

That’s true of lots of devices. Car and house keys, phones, wallets...heck, even my Clipper commuter card. In this day and age, however, adding to the list of physical devices that a mobile worker must remember to “throw in the briefcase” is moving in the wrong direction. And the last thing I want on my keyring is a USB fob.

In most cases, I would prefer that mobile workers only be required to carry a portable device (laptop, tablet or smartphone) that provided strong access controls, local disk encryption--or better yet--secure access to a cloud based system so the data and applications never leave the data center. For IT managers making strategic decisions today for how to support mobile workers in the near future, I’d advise a solution that added little to no new hardware devices. Focus instead on using the cloud first and the ever increasing power of mobile hardware second to protect data that simply must travel with an end user.