The Best Secure SSDs and Hard Drives for 2023
2023-11-16 06:51
It's so easy for the data on an unencrypted external hard drive or SSD to fall into the wrong hands, either by theft or accident. I once left a bag containing several unencrypted external drives on a subway car. That hasn't come back to haunt me, but other people in similar situations may not have been so lucky. So to keep your data safe, you should at least consider an external drive that lets you encrypt selected files and store them in a "vault," or maybe even a drive equipped with a keypad or fingerprint scanner that provides full-disk encryption and a suite of extra security features besides.

And if you're planning on using that drive for work purposes, your drive is probably required to have added security. Many businesses and government organizations mandate that the drives that they purchase meet specific criteria, including a requirement that not just the data but also the drive innards themselves be protected from incursion.

We've outlined below our top picks among the encrypted hard drives we've tested. Read on for our lab-tested favorites, followed by information about the different types of secure and encrypted drives you might encounter and their features.

A Guide to Hardware-Based Encryption

Encryption is the process of taking readable text or data and encoding it using a key—a random string of bits, generated by an encryption algorithm—so that only someone in possession of the key can decrypt it. Most mainstream encrypted SSDs and hard drives provide what's known as AES 256-bit hardware-based encryption, while most hyper-secure keypad-accessible drives utilize XTS-AES 256-bit hardware-based encryption.

For good reason, AES is considered the gold standard in drive encryption. Even the standard 256-bit AES encryption (which uses a 256-bit key) is essentially uncrackable. It takes the data through multiple permutation rounds in the encryption process. A brute-force attack (say, a supercomputer trying one key after another in an effort to decrypt the data) could take an average of many trillions of years to succeed, far longer than the current age of the universe. That should give you an idea of how ironclad AES encryption is, at least in the face of a brute-force attack.

Encrypted mainstream external drives often let users create a password-protected vault into which they can drop files or folders to be encrypted (by AES or other methods). And even if your drive lacks native encryption, there are many encryption utilities you can install to make your files unreadable (and, in many cases, invisible) to others.

Physical Drive Security: Keypads, Fingerprint Scanners, and More

You can also find drives with a secure physical layer. Keypad-equipped drives, for one, are platform-independent, require no software to run, and can work with almost any computer as long as it has a USB port. When the drive is unattached to a computer, it is locked and generally secured with XTS-AES full-disk encryption. When you attach it and enter the password, you unlock the drive, and it operates as any other drive. (In most business situations, an administrator sets some access rules and creates an admin password for the drive, and one or more users, each with their own user-level password, can access the drive.) When you disconnect it, it locks, and can only be opened with the password. Such drives usually also have other security measures in addition to encryption, which we will discuss below.

While some drives have press-button keypads, some are virtual pads, responding to either a finger or stylus. With virtual keypads, often the letters are scrambled each time you plug the drive in. This prevents an intruder from guessing the password from fingerprints left on the pad or by looking over your shoulder at your keystrokes.

A downside of full-disk encryption is that it can slow a drive's performance significantly compared with an equivalent non-encrypted drive. These hyper-secure SSDs and hard drives, chock-full of protective features, also tend to cost a lot more per gigabyte than non-encrypted or consumer-level encrypted drives. For many users, the security and peace of mind that such drives provide is well worth the extra cost, and hyper-secure storage features are required by many organizations in both the public and private sectors.

Beyond traditional password and keypad protection, at least one drive maker has turned to biometrics. The Samsung Portable SSD T7 Touch has a built-in fingerprint reader. From the included software, you can set the drive to open at the touch of the right fingerprint.

FIPS and Friends: Security Features Beyond Encryption

Much of the market for hyper-secure keypad-enabled drives is made up of the military, government agencies, organizations, and corporations that tend to have exacting criteria when it comes to the security of the products they are permitted to purchase. Primarily, this means compliance with the Federal Information Processing Standards (FIPS), computer security and cryptography standards issued by the National Institute of Standards and Technology (NIST).

SSD makers often tout their keypad SSDs as meeting either the FIPS 140 Level 2 or 3 standards. The FIPS 140 standard covers the entire "cryptographic module"—encompassing the drive's full set of hardware, software, and firmware that implements approved security functions like cryptographic algorithms and key generation. A key aspect of FIPS 140 Level 3 is the protection of the module from physical attacks or tampering, by methods such as embedding it in epoxy. If the drive mechanism is breached, the chips will be damaged in the process, effectively destroying both the drive and the data it holds.

You will also hear of drives being FIPS 197-compliant. FIPS 197 covers only the encryption, and is today better known by the name of the algorithm that FIPS Publication 197 introduced: Advanced Encryption Standard, or AES. So a FIPS 197-compliant drive is simply one that uses AES hardware-based encryption.

Another feature that drive-makers tout and clients covet is the inclusion of a Common Criteria EAL5+ (hardware-certified) secure microprocessor. Such a device, through a combination of true random number generation and built-in cryptography, further protects against drive tampering.

Keeping Your Data High and Dry: Protection From the Elements

While secure and encrypted drives can protect your data from falling into the hands of thieves, scam artists, and other bad actors, rugged drives provide protection from the elements (dust, sand, and water) as well as from tumbles or other accidents. A good percentage of secure drives are also ruggedized; we think of encryption and ruggedization as two sides of the same coin. We have a separate roundup of rugged drives.

Whether drive ruggedness is important depends entirely on your use case. If you seldom take your external drive outside of your home or office, it may not be a priority. But if you'll be using it, say on an oil rig or in a wilderness video shoot, you'll want some defense against water, sand, or soil getting into the drive.

Sand-fast and water-fast drives usually carry a two-number ingress protection (IP) rating. The first number, ranging from 0 (no protection) to 6 (complete protection), rates the drive's imperviousness to dust and particulate matter. The second number rates protection from water ingress, with 8 indicating that the drive can survive being immersed in more than one meter of water. Some drives are also drop-proof (impervious to falls), shockproof, or crush-proof (able to survive being run over by, say, a two-ton truck). The manufacturer's description of a drive will specify an IP rating and other protections it offers. If no IP rating or other rating information is given, you can safely assume that the drive is not designed to be rugged.

So, Which Secure Drive Should I Buy?

Whether you want to encrypt a folder for personal or business files on your portable SSD, or you're tasked with requisitioning hyper-secure drives for the NSA, you'll find many options to choose from. At the minimum, all of the products here feature AES 256-bit hardware-based encryption. Some go no farther than encryption, while others add keypad or fingerprint access and a host of other protective features. Although it's not strictly a security feature, many encrypted drives are also rugged, shielding the physical drive from storms, tumbles, or mishaps in the wild or on the factory floor. For more on safeguarding your data, check out our guides to the best backup software and the best security suites.
