SanDisk rolls out RSA-packin' Cruzer Enterprise flash drives
It looks like anyone that makes regular use of an RSA key for one reason or another could soon have a new favorite USB flash drive, with SanDisk announcing the availability of so-called "two-for-one" Cruzer Enterprise drives, which provide both secure date storage and RSA SecurID software tokens for two-factor authentication (eliminating the need for a separate hardware authenticator). The drive is also apparently no slouch when it comes to the usual storage security measures, with it boasting 256-bit AES encryption, and a setup process that requires users to create complex passwords before they're able to make use of the drive. No word on pricing just yet, but you'll apparently be able to get the drive in your choice of 1, 2, 4, or 8GB varieties, with each boasting a respectable read speed of 24MB per second and a write speed of 20MB per second.
Filed under: Storage
Reader Comments (Page 1 of 1)
y3k.nik @ Apr 7th 2008 1:01PM
And the easier and cheaper alternative to this drive:-
Dont let your normal flash drive out of your sight, and save money.
josh @ Apr 7th 2008 1:43PM
This is clearly not meant for end consumers, who may or may not even be keeping confidential documents on the drive. It is meant for corporate customers who already buy secure tokens for things like vpn access, and who are also looking for some heavyweight encryption on removable storage (since a population of users is going to have a certain loss rate of the drives). You solution really wouldn't fly in that environment.
nh @ Apr 7th 2008 1:55PM
And an easier and cheaper alternative to having a memory stick at all is just to REMEMBER the stuff you would have put on it... what a useless suggestion.
These things get lost all the time because they are small and unattached, not to mention that if you have any confidential data, it should not be written unencrypted to any disk, least of all a portable one.
I use TrueCrypt and TCExplorer, it's a good free option, but still a little clunky.
Tonicboy @ Apr 7th 2008 2:01PM
yeah, and easier, cheaper and AWFUL alternative, if you don't care at all what's on your flash drive. as a consultant, i use many computers and use my flash drive as a portable storehouse of many key personal and work files. as such, both encryption and online backup are great features.
Rory W @ Apr 7th 2008 2:55PM
Sure, and someone might accidently lose their drive with PII on it, and then have to disclose this in the news and give their company terrible PR and most probably cost them quite a bit of money...
So.. save a few dollars by going to Staples or save potential thousands, your job, and your company's by buying something secure, which would you chose?
thelittleleaguecoach.com @ Apr 7th 2008 1:47PM
I try not to put too crucial of information on these, but they can easily get lost.
nmason @ Apr 7th 2008 2:22PM
Obviously none of the above posters (save for Josh) have ever used RSA SecurID to log in.
"which provide both secure date storage and RSA SecurID software tokens for two-factor authentication (eliminating the need for a separate hardware authenticator). "
You can encrypt any drive for free, sure, but you can't put SecurID on it and act as your authenticator.
If you don't work in an enterprise environment, you probably wouldn't understand.
gfar @ Apr 7th 2008 3:08PM
SecurID Software eh? If this was a USB key and had rolling digits on it like their RSA tokens, I'd be happier.
nmason @ Apr 7th 2008 6:32PM
It does have rolling digits, they're just software based.
Hardware RSA SecurID cards are soooooo 2005.
Chris @ Apr 7th 2008 2:32PM
A cap? Seriously?
Tired_ @ Apr 7th 2008 2:53PM
So, now when someone steals your flash drive, they can break the weak encryption to get at your files AND use the token to impersonate you and steal more. Sounds like a winner to me.
Dubb @ Apr 7th 2008 3:51PM
Give me a break, if someone is stupid enough to store the information needed to log in to their VPN on the USB drive, then they deserve it.
Just because you have the SecureID, doesn't mean that you also have the location of the VPN client, the address to use said VPN client, and the user name + pin to login with.
Demas @ Apr 8th 2008 4:58AM
You obviously have no clue as to why they call it *two factor* authentication.
que @ Apr 7th 2008 3:17PM
whats the point of a USB drive with which you can't get to your documents on a non-windows platform.
ssuk @ Apr 7th 2008 3:42PM
Hahaha... Oh wait, you were being serious...
mdm-adph @ Apr 7th 2008 3:56PM
Or:
Just use any USB Flash drive and Truecrypt (http://truecrypt.com).
Bonus:
Works on all systems, regardless of OS.
nh @ Apr 7th 2008 9:37PM
TrueCrypt is a great program, but I'm not sure I agree with the 'works on all systems' bit. It's not like you can just walk up to any machine and use it, since you need to install softare on the host.
You'd need executables for every OS stored on the unencrypted portion. Plus on Windows you need Administrator rights, which you probably don't have if it's not your PC (Though TCExplorer can get round this).
This is where I see the advantage of hardware based security.
Feel free to correct me... I'd be happy to learn an easier way!
John Stracke @ Apr 7th 2008 4:24PM
"secure date storage"—I think you mean "data", unless this thing has some uses that Spitzer should have known about.
Dan G @ Apr 7th 2008 5:22PM
RE:Tired_ @ Apr 7th 2008 2:53PM
"So, now when someone steals your flash drive, they can break the weak encryption to get at your files AND use the token to impersonate you and steal more. Sounds like a winner to me."
Now I know why I don't normally read the comments here but I'll bite, 256 bit AES is very strong and has never been cracked so STFU if you don't know what you are talking about
Jeff @ Apr 7th 2008 6:43PM
http://www.slipperybrick.com/2008/02/princeton-broke-encryption-freezing-memory/
More of bypassing encryption on a PC hard disk, but certainly fallible.
linuxamp @ Apr 7th 2008 6:25PM
It would really be funny if the RSA token was the key to the drive encryption.
phanbouy @ Apr 7th 2008 6:39PM
Viruses, encryption, on flash drives, oh my!
fuzzy @ Apr 7th 2008 7:17PM
I'm at RSA Conference now and they gave the schedule to us on these drives. :)
Janet L. @ Apr 8th 2008 1:59PM
nice. But can it fit inside a dog tag? http://olinari.com
obn4uticus @ Apr 8th 2008 8:48PM
Not as good as the IronKey.
CesarGarza @ Apr 15th 2008 5:58PM
We are using this in our enterprise environment. It's an excellent alternative to regular USB's. You can track what and where a file was copied, writed or deleted. Strong authentication, AD integration, FAST r/w, easy to manage, online backups, all the content is encryped and secured, etc
I recommend this product with the CMC software for enterprise environments. Good for compliance too!
if you are a regular home user, hacker wannabe or cheapo company, get a regular USB with "security" on it.