This post was created to inform users of our new hardware encrypted CE-Secure Vault flash drives
. This is not to be confused with our software encrypted CE-Secure Encrypted flash drives
1. What is CE-Secure Vault
- The CE-Secure Vault is a secure USB flash drive. It automatically password-protects and encrypts all stored information. Replace your USB sticks with CE-Secure Vaults and assure information security at all times. All stored information is 100% encrypted and the algorithm (AES256-CBC) fulfills government and military standards. CE-Secure Vault USB drives can be managed and audited with a central management server software named *SafeConsole. *SafeConsole is able to manage thousands of CE-Secure Vault drives in a corporate environment.
2. What is the difference between the CE-Secure Vault and the CE-Secure (Vault OTG) encrypted drives that CMS already offers
– The main difference is that the CE-Secure Vault drives now offer added protection through hardware encryption. These drives are also management ready with the use of *SafeConsole. A FIPS certified version of this product is also available. Whereas the CE-Secure (Vault OTG) drives are encrypting your data through a software encryption engine.
3. Why would I need an encrypted USB memory stick
- Each year thousands, upon thousands, of unsecure USB drives are lost every day. The data upon these drives are completely exposed and will risk organization intellectual property, business partner relationships, users’ employment, and non-compliance with regulatory requirements like HIPAA and Sarbanes-Oxley.
With CE-Secure Vault your information is safeguarded. All your data is always password-protected and encrypted on the hardware. A lost device is merely a lost device, your data is safe and no breach will ever occur. If a lost CE-Secure Vault later on is found you can be 100% sure that the data is intact and has not been read or manipulated by anyone. Just plug it into the user computer and it is automatically “Found” and ready to work for you again. This saves money from day one as data breaches and surrounding routines and procedures are all costly. Not to mention the headaches you will avoid for all involved.
4. What happens if a user forgets the password for the CE-Secure Vault device
- It is not possible in any way to get access to stored information without the correct password. There are no back-doors and tests by independent security labs and customers have confirmed this over and over again. It is statistically and technically impossible to retrieve data.
There are two options to continue:
• If an organization has *SafeConsole deployed it is possible to perform a password reset if the CE-Secure Vault password is forgotten. The procedure credentials are unique for each organization and are handled with a secure PKI-based challenge response procedure that is protected against social hacking. No information is lost and the user is securely back to work in minutes. The password reset can be handled over phone, email or in person.
• If *SafeConsole is not installed the CE-Secure Vault needs to be factory reset. This procedure does not require administrator privileges except for the CE-Secure Vault BM7741 on Windows XP computers. All stored data will be wiped and cannot be recreated by any means available as the storage is completely reset and the encryption keys are destroyed/renewed.
It is encouraged that the user chooses a password hint during the quick CE-Secure Vault setup.
5. Which USB-ports is the CE-Secure Vault device compatible with
– The CE-Secure Vault CE-Secure Vault works on all available USB-ports, USB 1.1 / USB 2.0 (high-speed/full-speed), USB 3 ports (note that this device is not USB 3 compliant but will run on a USB 3 port which is backwards compatible to USB 2). The small form factor means that it will fit even if space is scarce as with close adjacent ports on ultra-mobile laptops.
6. Does the CE-Secure Vault device require software installation or admin rights
- No. Just plug the device in and all necessary resources are run directly from the device. No traces are left behind.
7. Can the CE-Secure Vault device be managed in a Corporate Environment
- *SafeConsole allows you to manage hundreds of thousands of CE-Secure Vault drives wherever they may be in the world. *SafeConsole is rapidly deployed and provides optional Windows Active Directory integration, full management capabilities, complete device life-cycle management, assignment of policies and features dependent on AD membership, remote reset of passwords, compliant auditing, remote wiping of rogue sticks and much more.
8. How rugged is the CE-Secure Vault device and will it break
– The CE-Secure Vault is a small device but it is also extremely though and rugged.
Some of the things CE-Secure Vault have proven to withstand:
• Repeated rolling over by a 2500lb V8 Range Rover.
• Repeated full washing machine cycles at the highest temperature.
• 30 seconds of red-hot angle grinder sparks.
• A whack with a 10lb sledge iron smith hammer.
9. What operating systems does the CE-Secure Vault device support
– The CE-Secure Vault device is compatible with:
• Windows 7, Vista, XP, 2000(SP4), server 2003, 2008
• MacOS X 10.5. 10.6
10. Does the CE-Secure Vault device have a timer lock-down (timeout/lock) feature
– Yes, it is can be administered or user configurable. If the CE-Secure Vault device is left behind or forgotten when unlocked, it will automatically lock down after the preset interval.
11. How does the CE-Secure Vault device brute-force protection work
– If the CE-Secure Vault device is subject to an instruction attempt that tries numerous passwords it will lock-down or factory reset (dependent on *SafeConsole settings). The counter of faulty passwords cannot be reset and is handled within the embedded system onboard the CE-Secure Vault.
12. How does the CE-Secure Vault device protect against physical tampering
– The circuitry of this device is covered with environmentally friendly epoxy which means that tampering will be extremely time-consuming. Tampering by any means is result-less as all data is hardware encrypted.
13. How are the encryption keys generated and stored
– The encryption keys (standard based AES256 CBC) are generated and stored securely onboard the embedded system. No copies or duplicates are kept anywhere else and cannot by any means be regenerated.
14. Is it possible to eavesdrop on the CE-Secure Vault device
– No, the stream of data through the port is encrypted (RSA512).
15. Software encryption of USB memory is cheaper. What is wrong with these solutions
- Software encryption of portable USB storage, using file containers or file level encryption schemes, has multiple inherent problems that can prove very troublesome. Most of these products are not management ready, usability issues and that admin user rights are often required, and file system corruptions might be experienced if the drive is manually formatted.
*SaleConsole is a management solution by BlockMaster