Easy to use, hardware agnostic, powerful cloud based security features, local 256 bit encryption for your data, remote self destruct function
There are cheaper alternatives if you don't need the cloud based device management controls
There is no shortage of software available that allows you to securely encrypt the data on a portable USB drive. There is no shortage of expensive enterprise level management solutions that let you remotely and centrally manage multiple portable devices. But software that encrypts your home or small business based USB portable drives and allows you to remotely manage them via the cloud, at low cost, has been much harder to find. Until now...
British software developer Conseal Security has just launched a rather clever solution to the problem of securing the data on your portable media such as USB thumb drives and portable hard drives while at the same time maintaining fully centralized control of the management of those devices without breaking the bank.
Conseal USB is pretty cool in that it is, for a start, totally hardware agnostic: forget about being locked-in to particular hardware or a specific vendor, this solution will work with all your USB drives. A five license pack will allow you to manage the security of five devices from different manufacturers, mixing and matching different hardware without impacting upon the control you have.
The real beauty of this solution is how simple it is to implement though. Gone are the days of complex setup routines and configuration options capable of turning Stephen Fry into a mumbling wreck. At the heart of the Conseal solution is a triple whammy promise of encryption, management and control.
Encryption comes by way of a 'dual lock' AES-256 bit system to ensure your data is secured while on the move.
Management is provided courtesy of a simple cloud based management console accessible via your standard web browser or smartphone if you are on the move. This includes a complete audit trail of all access attempts against your devices, showing IP addresses, MAC addresses, drive serial numbers, system and login names etc.
Control is absolute: access rules can be specified and limited to person, device, domain or IP address range; you are alerted the moment anyone tries to access protected data and a remote self-destruct function ensures you can destroy the drive contents if it falls into the wrong hands.
It really is a simple solution to the increasingly serious problem of how to secure your data on the move, especially for the small business end of the market which does not have either the budgets for enterprise strength products nor the dedicated IT staff to administer them. Conseal USB can be implemented by the average home user in a matter of minutes, and fully customised management and access controls up and running after a few minutes more. OK, for the average home user it's probably overkill. After all, what home user really needs to be able to limit access to a USB thumb drive based upon IP range or specified times of the day? But it's nice to know that granularity of control is available of needed, and once moved into the business sphere starts making a lot more sense anyway.
Everyone, though, can benefit from getting an email alert whenever someone tries to unlock the data on a protected USB device. That email will detail who has attempted to unlock the card, the computer that was used and whether the attempt was successful. unsuccessful attempts probably being the more useful, as these enable you to decide whether you want to play with the big guns of control that Conseal USB provides. Namely the self-destruct option which will securely wipe all the data from the specified drive, remotely and at the touch of a button.Step by step: how to add secure cloud data control to any USB drive
1. Select a drive to protect
2. Select a secure password
3. Install the Conseal security component
4. How long you have to wait depends on the size of the drive being Consealed
5. After a few minutes the drive will show as protected
6. Protected drives need to be unlocked before they can be accessed
7. Your cloud-based management console allows you to control who can access drives and when, as well as enabling the remote self-destruction of any data if the drive is lost or stolen
Although I understand that this program enables the owner of the USB drive to check where, when and by who it is being used, this is only possible when the USB drive is allowed access to the internet via the computer it has been connected to. Imagine that a professional thief deliberatly took your USB drive to the sole purpose of retrieving its data, he will not be so foolish to allow the USB to connect to the internet, which will result in notifying the owner, which may have already have activated the swipe-on-sight-command using the website that when it is connected again it will be swiped.
Ofcourse then the last line of the defence will be the ASE encryption that prevents the thief to read the data, assuming that he does not have the facilities for brute force or any extra information about the encryption such as processor time etc.. But encryption of your USB drive already exists, services such as TrueCrypt provide that option. So in fact you could say the only difference between the already exisiting usb drive encryption and Conseal Security is that data on the usb drive will be swiped when the program on the usb drive can connect to the internet.
In conclusion, the security of already existing usb drive encryption software and Conseal Security is practically the same, as brute forcing a AES encryption has 2^200 possibilities which would take longer than the age of the universe to complete (source). However, as you need to pay for Conseal Security ( 20 euros per year, as stated in the article), I would prefer the free usb drive encryption software such as TrueCrypt.
In conclusion, the security of already existing usb drive encryption software and Conseal Security is practically the same, as brute forcing a AES encryption has 2^200 possibilities which would take longer than the age of the universe to complete (source). However, as you need to pay for Conseal Security ( 20 euros per year, as stated in the article), I would prefer the free usb drive encryption software such as TrueCrypt. ~G
As I say, the cloud-based management is probably overkill for the average home user, but for the power user or a small business for whom that centralized access control is important then the Conseal USB solution starts to become very appealing. Not least as it is far cheaper than the enterprise level solutions which do this, and which also come with varying degrees of hardware and vendor lock-in.
As you said, it is true that TrueCrypt requires admin rights, or a admin that installed TrueCrypt on the computer. You might say that it restricts the portability because users without TrueCrypt can't access the data.
This is however not without reason, this limitation increases the security, as stated in the TrueCrypt manual:
"Warning: No matter what kind of software you use, as regards personal privacy in most cases, it is not safe to work with sensitive data under systems where you do not have administrator privileges, as the administrator can easily capture and copy your sensitive data, including passwords and keys." Source: http://www.truecrypt.org/docs/?s=truecrypt-portable
Increasing portability decreases security. Ofcourse encrypting your data is more secure than keeping it unencrypted, but it is a waste of money to use Conseal USB when you have a even better free alternative.
I'm part of the team which developed Conseal. Just wanted to take the opportunity to respond to you as you raised some very good points.
Firstly you are absolutely correct of course that AES encryption is as close to unbeatable as you could get. But that's not the weakest part of traditional encryption: the weakest part is the password itself. Passwords are vastly easier to find than AES keys, either by guesswork, social engineering, dictionary attacks or through the bad practices of the owner.
The weakness of traditional encryption is that the as soon as an attacker guesses the password, he/she has full and complete access to the protected content. And since they already have the device, they have all the time in the world to figure out the password.
Conseal's protection, by contrast, means that the AES key is no longer derivable from the password. In other words, the security of the system is no longer limited to that of the password. Likewise, if the attacker were to disable Internet access then even the password would not be sufficient to unlock it.
Thanks for the clarification, I assumed that the drive could be accessed without internet connection, thus being equally efficient as TrueCrypt. However as you mentioned, the drive can't be decrypted without connection to the Conseal Server as the AES encryption is practically undecipherable. I now understand why Conseal could be better than the TrueCrypt drive encryption and why it may be worth the 20 euros per year.