Secure Hardware Encryption For USB Flash Drives
The Benefits of AES Hardware Encryption for Secure USB Flash Drives, Hard Drives and Solid State Drives
Securing Important Information with AES Hardware Encryption
AES hardware encryption has been around for a while, but you may be wondering how it protects and secures important and sensitive data on USB flash drives, hard drives and solid state drives. Kanguru Defender® secure USB drives provide the very best in FIPS Certified AES hardware encryption to help organizations secure their information, comply with tight security regulations like HIPAA, GDPR, SOX, GLBA, FINRA, FERPA, etc., and follow best practices for their valued clients and customers. A good understanding of the benefits of hardware encrypted drives will help you in selecting and deciding the right data security products for your organization.
What is AES Hardware Encryption?
AES stands for Advanced Encryption Standard, and is a specification standard by the National Institute of Standards and Technology (NIST) for the security of data. AES is a widely recognized and adapted cryptographic module used in the U.S., Canada and worldwide by military, government, financial institutions, and organizations all around the world as the standard for encrypting and decrypting of data. There are different degrees of AES hardware encryption, for example 128-bit, 192-bit, and 256-bit, with each key size providing an increased level of protection and complexity. Essentially, AES encryption is a block of algorithms that "scrambles" the data into unreadable code for transport, then when reconnected to the user, is unscrambled again by the same algorithm when the right keys are provided. These algorithms are highly complex. To put it into perspective as one researcher at Leuven University puts it, “if a hacker were to attempt to “break the code” to gain access to an AES 128-bit encrypted flash drive, the number of steps he would have to take is an 8 followed by 37 zeros. This would take a trillion machines, testing a billion keys per second, two billion years to uncover an AES-128 key.” 
The illustration below (Figure 1) demonstrates the encryption process in its simplest terms. The original, readable data is scrambled through an encryption algorithm so that the data becomes completely unreadable. The information can only be unscrambled or decrypted when a user enters the same encryption key, which is most often by password. This process can be done through either software encryption, or hardware encryption.
Hardware Encryption VS. Software Encryption
For encryption security on USB flash drives, hard drives and solid state drives, two types of encryption methods are available: Software Encryption or Hardware Encryption. Software Encryption is software based, where the encryption of a drive is provided by external software to secure the data. Software encryption options are available on the market as a cheaper alternative to hardware encryption, but the disadvantages tend to outweigh the benefits. It often requires numerous updates to keep up with hacking techniques, could be quite slow, and may require complex driver and software installations. Software encryption also may not provide the full security that businesses are expecting, to keep sensitive information from falling into the wrong hands. Though software encryption is better than having no encryption at all, it may still be vulnerable to user error, leaving data to fall through the cracks and be susceptible to potential thieves. Since software encryption requires users to follow certain procedures in order to secure the data, users may forget - or choose to ignore certain aspects of the encryption process.
With hardware encryption on secure USB drives, the AES encryption process is handled automatically, built right in with a small chip inside the drive itself. Once original data is encrypted, it becomes undecipherable in the background and is locked away under encrypted storage within the drive. If a thief were to try to gain access to the data without the password, the attempt is by all practical means impossible. But once the user enters their private password, the data is decrypted instantly, and made fully available to the user.
256-Bit AES Hardware Encryption on Kanguru Secure USB Drives
Because of the potential vulnerabilities of software encryption, Kanguru strictly uses 256-bit AES hardware encryption for all Kanguru Defender secure USB flash drives, hard drives and solid state drives. Kanguru's hardware encrypted drives contain an "always-on" built-in random number generator that independently handles all of the security for the drive. When you plug the device into a USB port for the first time, a brief initialization set-up wizard will prompt you to assign a password for the device, along with a few simple questions of your preferences regarding features of the drive. Once you create your password, the encryption algorithms lock into place, and you can begin using your drive just as you would any other USB drive. The only difference you will notice is that you'll be required to enter your secure password when you plug the drive into a new machine to access your information.
When a Kanguru Defender hardware encrypted USB drive is plugged in, the opening screen requires the correct password to be entered before any contents of the drive can be accessed, keeping data safe.
Kanguru's Scalable / Flexible Solutions
256-bit AES hardware encryption provides by far the best level of protection for securing data on USB drives. The Kanguru Defender system of secure, hardware encrypted drives is a scalable solution that can be used by any sized company or organization, from individuals and small businesses, to large enterprise corporations, military and government alike. Whether you have a staff of 1, or a staff of 1000, you can secure sensitive data on USB flash drives, hard drives, and solid state drives anywhere and ensure its protection.
Guarding Against Brute-Force
Kanguru's secure measures do not stop there. To ensure the physical protection of the hardware encrypted chip inside, and guard against any brute force attempts that might try to gain access to the chip, Kanguru pursues a variety of world-renowned and widely-respected security certifications. These certifications are based on intense scrutiny of the best methods used to protect the encryption within the drive. For example, by achieving one of the highest levels of FIPS 140-2 Certification, at level 3, the Kanguru Defender 2000™ hardware encrypted secure flash drive demonstrates that it is the best in protecting against brute-force and any type of tampering. Most USB manufacturers tend to settle there, content with meeting the security requirements of physically protecting the hardware encryption of the drive. But Kanguru is devoted to offering the absolute best in USB security along with best practices for the highest quality encryption. By additionally pursuing Common Criteria testing and qualifications, Kanguru further demonstrates its commitment to excellence, and ensures its valued customers that their Kanguru Defender secure hardware encrypted drives will fully secure their important and sensitive data, to meet the highest level of security standards. Kanguru achieved Common Criteria certification in December 2014, now offering the world's only Common Criteria / FIPS 140-2 Certified secure USB flash drives. To learn more, see Highly Certified FIPS 140-2 and Common Criteria USB Flash Drives, or FIPS 140-2 and Common Criteria, Why It Matters.
Remotely Managing Kanguru Defender Hardware Encrypted, Secure USB Drives
Kanguru also offers a unique and robust solution for organizations to be able to monitor, manage, track and interact with assigned USB drives out "in the field". Available as either a self-hosted option or cloud-based secure service, Kanguru Remote Management gives IT administrators and managers the ability to:
- Track And Manage Secure USB Drives Worldwide
- Disable/Delete Lost Or Stolen Drives
- Push Out Files and Messages to USB Drives
- Set Up Online & Offline Permissions
- Generate Reports
- Export Audit Logs
- Manage Passwords
- Notify Users And Roll Out Policy Updates
- Schedule Password Changes
- Restrict IP Addresses and Domains
- Enforce Policies
To learn more, see About Kanguru Central / Remote Management.
Visit Kanguru Defender® Secure USB Hardware Encrypted Flash Drives for more information.
1 Encyclopaedia Britannica; Advanced Encryption Standard, (AES)
 AgileBits Blog; AES Encryption Isn't Cracked, quoting an article by The Inquirer regarding Andrey Bogdanov, Researcher at Leuven University, August 18, 2011