[ad_1]
It’s so easy for the data on an unencrypted external hard drive or SSD to fall into the wrong hands, either by theft or accident. I once left a bag containing several unencrypted external drives on a subway car. That hasn’t come back to haunt me, but other people in similar situations may not have been so lucky. So to keep your data safe, you should at least consider an external drive that lets you encrypt selected files and store them in a “vault,” or maybe even a drive equipped with a keypad or fingerprint scanner that provides full-disk encryption and a suite of extra security features besides. And if you’re planning on using that drive for work purposes, your drive is probably required to have added security. Many businesses and government organizations mandate that the drives that they purchase meet specific criteria, including a requirement that not just the data but also the drive innards themselves be protected from incursion.We’ve outlined below our top picks among the encrypted hard drives we’ve tested. Read on for our lab-tested favorites, followed by information about the different types of secure and encrypted drives you might encounter and their features.
Deeper Dive: Our Top Tested Picks
Crucial X9 Pro
Best Encrypted External SSD for Most Users
Why We Picked ItA tiny yet highly capable external SSD, the Crucial X9 Pro scored well in our benchmark tests and comes in capacities up to 4TB. The X9 Pro’s 256-bit AES hardware-based encryption and basic ruggedization features protect it from tumbles, as well as both meteorological and human threats while you’re traveling. Its interface supports the USB 3.2 Gen 2 standard, which affords near-universal compatibility if your computer has a USB port (although you’ll need an adapter to connect to a Type-A port). Who It’s ForThe Crucial X9 Pro is a competitively priced, highly portable external SSD that should appeal to most anyone. The X9 Pro is great for travelers, or indeed anyone who wants a fast, reasonably rugged, and secure portable SSD.
PROS
Lightweight and compact
Good PCMark 10 benchmark score
IP55-rated for dust and water resistance
Drop-proof up to 7.5 feet
256-bit AES hardware-based encryption
Five-year warranty
CONS
Included USB-C cable is short
Lacks USB-C-to-A cable or adapter
Learn More
Crucial X9 Pro Review
Samsung Portable SSD T7 Shield
A Solid Alternative to the Crucial X9 Pro
Why We Picked ItThe Samsung Portable SSD T7 Shield is a well-rounded external SSD with competitive speed, AES hardware-based encryption, and a rugged exterior that protects your data from drops, dust, and rain. The T7 Shield is more shockproof than the previous T7 drives, and unlike them is rated for dust and water resistance. Its security isn’t quite as convenient as that of the Editors’ Choice-honored Samsung T7 Touch with fingerprint reader, but it should keep your information safe, and it’s better-protected than the Touch is. It’s a good choice for travelers and outdoor workers who want a pocketable drive with good capacity that can stand up to the elements and won’t cause them to lose sleep if it’s lost or stolen.Who It’s ForThe Samsung Portable SSD T7 Shield is a durable and secure choice for outdoor workers and travelers, if on the slow side compared to non-rugged SSDs. If you’re a homebody, there’s not much point in investing in this product. But if you ever take your laptop on the road or into the wilderness, whether for business or pleasure, you’ll appreciate having a drive like the T7 Shield. It will keep your data safe in the event of loss or theft, and provides protection from the elements.
PROS
Provides protection from rain, dust, and drops
AES 256-bit hardware-based encryption
Offers the raw speed of a USB 3.2 Gen 2 drive
Comes in capacities up to 2TB
CONS
Relatively short three-year warranty
Not the fastest external SSD for everyday storage tasks
Learn More
Samsung Portable SSD T7 Shield Review
Apricorn Aegis NVX
Best Mainstream Keypad-Secured External SSD
Why We Picked ItThanks to its NVMe internals and USB 3.2 Gen 2 support, the Apricorn Aegis NVX has one thing that no other SSDs with its wealth of protective features can offer: the speed you’d expect from a typical consumer-level external SSD. This, device, which has a built-in keypad for access, requires no software to run and can be used with any device with a USB-C or USB-A port. It’s easy to set up an administrator password, and you can add passwords for multiple users. The drive’s AES-XTS 256-bit encryption is effectively impervious to brute-force attacks. The NVX is also shockproof, waterproof, and dustproof.Who It’s ForThe Aegis NVX is for users who want an ultra-secure SSD without taking a hit in speed. It’s a rugged drive, so it’s also a great choice for travelers or for outdoor use. However, if your company requires security certification, you might want to wait to buy it. Apricorn is currently modifying the NVX to submit the drive for Federal Information Processing Standards (FIPS) 140 Level 3 validation.
PROS
Very fast for a hyper-secure drive
Chock-full of security features
Shockproof and crush-proof
Impervious to dust or water with IP67 rating
CONS
Relatively high cost per gigabyte
Not yet FIPS 140-3 validated
Learn More
Apricorn Aegis NVX Review
iStorage DiskAshur M2
A Solid Alternative to the Apricorn Aegis NVX
Why We Picked ItWorried about your data falling into the wrong hands, or falling onto a rocky trail or into a puddle or pond? The iStorage DiskAshur M2 is compact for an ultra-secure SSD, and it’s built to survive a half-hour bath in 1.5 meters of water or being run over by a 2.7-ton truck. Security highlights include FIPS 140-3 Level 3 compliance, AES-XTS 256-bit hardware-based encryption, and the encasement of its drive mechanism in epoxy resin—any attempt to pry inside to get to the chips will result in their destruction. It also has a built-in numeric keypad that means your files can’t be accessed without the proper user or administrator PIN. You can configure the M2 as a read-only drive and create a self-destruct code that obliterates the data, encryption key, and all PINs forever.Who It’s ForWith such formidable security, you might expect the iStorage M2 to cost a mint, but it’s reasonably priced considering what it offers. Not only is it rife with security features, its ruggedness rating of IP68 is as high as any drive we have tested. If you’re paranoid about your personal or company documents, put the DiskAshur under your pillow and sleep tight. You can take it on a trip or hike with you and know that it will survive anything Mother Nature might throw at it, and any attempt by others to access your data should it be lost or stolen.
PROS
AES-XTS 256-bit full-disk hardware encryption
IP68 ruggedness rating
Compatible with Windows, macOS, Linux, Chrome, Android, and more
Supports an administrator PIN, plus separate user PINs
No software to install
Aggressively priced for a security-focused SSD
CONS
More expensive per gigabyte than standard external SSDs
Much slower transfer rates than less-security-minded drives
Learn More
iStorage DiskAshur M2 Review
DataLocker DL4 FE
Best Keypad-Secured External SSD for Enterprises
Why We Picked ItThe DataLocker DL4 FE external SSD has all the security features and certifications to satisfy rigorous corporate and governmental criteria to guarantee the protection of secret or sensitive data. Simply put, no unauthorized person will be able to breach its encryption and other safeguards. If it were to be lost or stolen, the drive can be remotely disabled and wiped clean. As for protection from the elements, the DL4 FE has some ruggedness but overall falls well short of some rugged drives on the liquid-resistance front. Speed-wise, the DL4 FE is plodding, even compared with other security-centric drives. The DL4 FE gets high marks for its comprehensive drive security, and it’s a great choice for organizations for which data protection is paramount.Who It’s ForThe DataLocker DL4 FE meets the security requirements of corporations and governmental agencies, and has the certifications to prove it. It doesn’t come cheap, even for a security-centric SSD, so it’s largely for big-budget organizations. It’s especially good for businesses or institutions that need multiple secure drives, as it can be easily integrated into DataLocker’s SafeConsole fleet-management system.
PROS
256-bit AES-XTS hardware encryption
Meets several key security-standard certifications
Touch pad randomizes keypad characters to thwart fingerprint tracing
Can be remotely managed through DataLocker’s SafeConsole interface
Local and remote self-destruct features
CONS
Pricey compared with other security-centric drives
Slow, even for a hyper-secure SATA drive
Limited ruggedness features
Learn More
DataLocker DL4 FE Review
Samsung Portable SSD T7 Touch
Best Fingerprint-Secured External SSD
Why We Picked ItThe Samsung Portable SSD T7 Touch is a tiny, 2-ounce aluminum rectangle that plugs into a USB 3.2 Gen 2 port. (Samsung provides both USB Type-C and USB Type-A cables so you needn’t fuss with a dongle.) It combines quick performance with roomy storage. The T7 Touch protects your data in a way few others can: with a built-in fingerprint reader that ensures your sensitive files are for your eyes only. Technically, fingerprints aren’t as secure as complex passwords, but they’re a lot more convenient, and you can’t forget them.Who It’s ForIf you need plug-and-play access to your documents on any nearby PC, the T7 Touch isn’t for you—you must have Samsung’s Windows, macOS, or Android software installed to use the fingerprint reader. But if you’re looking for a mix of security and speed, your corporate or personal secrets are safe with this drive.
PROS
Built-in fingerprint reader and LED status indicator.
Compact size.
Fast performance.
Available in capacities up to 2TB.
Three-year warranty.
CONS
Relatively expensive.
Requires software for fingerprint unlocking on a PC or Mac.
Learn More
Samsung Portable SSD T7 Touch Review
iStorage DiskAshur DT2
Best Encrypted Desktop Hard Drive
Why We Picked ItWith cavernous capacity and a minuscule cost per gigabyte compared with security-centric SSDs, the iStorage DiskAshur DT2—a desktop-style hard drive—is a formidable solution for corporations, institutions, and agencies needing to keep sensitive data safe. With a slew of protective features and boasting an impressive set of certifications, this PIN-authenticated external drive is easy for authorized users to access but impervious to attempts by outsiders to break in. As a desktop hard drive, it is not USB-powered but must be plugged into its included AC adapter. As it will generally be used in an office or server room setting, it lacks any ruggedness features to speak of—the protection it offers is from human threats.Who It’s ForThe DT2 isn’t slim or portable like many external drives—in form, it’s a classic desktop spinning hard drive. But it is easy for authorized users to unlock and access using its built-in keypad, and it has a slew of security features and certifications to assure you it’ll keep bad guys out. If you need to store and protect large volumes of data, this is a great choice.
PROS
Immense capacity
Low cost per gigabyte for a security-centric drive
AES-XTS 256-bit full-disk hardware encryption
FIPS 140-2 Level 2/3, NCSC CPA, NLNCSA BSPA, and NATO Restricted certifications
Easy for authorized users to unlock
CONS
No protective case or ruggedness features
Low score in PCMark 10 benchmark for everyday storage tasks
Learn More
iStorage DiskAshur DT2 Review
WD My Passport (5TB)
Best Encrypted Portable Hard Drive
Why We Picked ItSlightly rounded edges and ripples over part of the surface give the My Passport hard drive the look and tactile-friendly feel of a consumer gadget. The ripples also help keep the drive from slipping out of your hand easily. Add a choice of colors, a size that can fit in a shirt pocket, a range of capacities from 1TB to 5TB, and easy-to-find discounts from list price, and the WD My Passport is a clear standout among high-capacity portable hard drives. It ships with apps for backup/restore, reformatting and checking drive health, and provides AES-256 hardware encryption with a password.Who It’s ForUnless you need a ruggedized drive to stand up to rough treatment, the WD My Passport checks off all the right boxes for an external portable hard drive. It’s competitively priced and comes in capacities up to 5TB. Its built-in hardware encryption and bundled utilities enhance its usability, and it doesn’t hurt that it looks good.
PROS
5TB is peak portable single-drive capacity.
Small and light.
AES-256 hardware encryption with password.
Ships with apps for backup/restore, reformatting and checking drive health, and more.
CONS
At list price, the 5TB version has a higher cost per gigabyte than the 4TB version.
Learn More
WD My Passport (5TB) Review
Buying Guide: The Best Secure SSDs and Hard Drives for 2024
A Guide to Hardware-Based EncryptionEncryption is the process of taking readable text or data and encoding it using a key—a random string of bits, generated by an encryption algorithm—so that only someone in possession of the key can decrypt it. Most mainstream encrypted SSDs and hard drives provide what’s known as AES 256-bit hardware-based encryption, while most hyper-secure keypad-accessible drives utilize XTS-AES 256-bit hardware-based encryption. For good reason, AES is considered the gold standard in drive encryption. Even the standard 256-bit AES encryption (which uses a 256-bit key) is essentially uncrackable. It takes the data through multiple permutation rounds in the encryption process. Using brute-force methods—say, a supercomputer trying one key after another in an effort to decrypt it—could take an average of many trillions of years to break it—far longer than the current age of the universe. That should give you an idea of how ironclad AES encryption is, at least in the face of a brute-force attack.Encrypted mainstream external drives often let users create a password-protected vault into which they can drop files or folders to be encrypted (by AES or other methods). And even if your drive lacks native encryption, there are many encryption utilities you can install to make your files unreadable (and, in many cases, invisible) to others.Physical Drive Security: Keypads, Fingerprint Scanners, and MoreYou can also find drives with a secure physical layer. Keypad-equipped drives, for one, are platform-independent, require no software to run, and can work with almost any computer as long as it has a USB port. When the drive is unattached to a computer, it is locked and generally secured with XTS-AES full-disk encryption. When you attach it and enter the password, you unlock the drive, and it operates as any other drive. (In most business situations, an administrator sets some access rules and creates an admin password for the drive, and one or more users, each with their own user-level password, can access the drive.) When you disconnect it, it locks, and can only be opened with the password. Such drives usually also have other security measures in addition to encryption, which we will discuss below.
(Credit: Zlata Ivleva)
While some drives have press-button keypads, some are virtual pads, responding to either a finger or stylus. With virtual keypads, often the letters are scrambled each time you plug the drive in. This prevents an intruder from guessing the password from fingerprints left on the pad or by looking over your shoulder at your keystrokes.A downside of full-disk encryption is that it can slow a drive’s performance significantly compared with an equivalent non-encrypted drive. These hyper-secure SSDs and hard drives, chock-full of protective features, also tend to cost a lot more per gigabyte than non-encrypted or consumer-level encrypted drives. For many users, the security and peace of mind that such drives provide is well worth the extra cost, and hyper-secure storage features are required by many organizations in both the public and private sectors.
(Credit: Zlata Ivleva)
Beyond traditional password and keypad protection, at least one drive maker has turned to biometrics. The Samsung Portable SSD T7 Touch has a built-in fingerprint reader. From the included software, you can set the drive to open at the touch of the right fingerprint.FIPS and Friends: Security Features Beyond EncryptionMuch of the market for hyper-secure keypad-enabled drives is made up of the military, government agencies, organizations, and corporations that tend to have exacting criteria when it comes to the security of the products they are permitted to purchase. Primarily, this means compliance with the Federal Information Processing Standards (FIPS), computer security and cryptography standards issued by the National Institute of Standards and Technology (NIST). SSD makers often tout their keypad SSDs as meeting either the FIPS 140 Level 2 or 3 standards. The FIPS 140 standard covers the entire “cryptographic module”—encompassing the drive’s full set of hardware, software, and firmware that implements approved security functions like cryptographic algorithms and key generation. A key aspect of FIPS 140 Level 3 is the protection of the module from physical attacks or tampering, by methods such as embedding it in epoxy. If the drive mechanism is breached, the chips will be damaged in the process, effectively destroying both the drive and the data it holds.
(Credit: Molly Flores)
You will also hear of drives being FIPS 197-compliant. FIPS 197 covers only the encryption, and is today better known by the name of the algorithm that FIPS Publication 197 introduced: Advanced Encryption Standard, or AES. So a FIPS 197-compliant drive is simply one that uses AES hardware-based encryption.Another feature that drive-makers tout and clients covet is the inclusion of a Common Criteria EAL5+ (hardware-certified) secure microprocessor. Such a device, through a combination of true random number generation and built-in cryptography, further protects against drive tampering.Keeping Your Data High and Dry: Protection From the ElementsWhile secure and encrypted drives can protect your data from falling into the hands of thieves, scam artists, and other bad actors, rugged drives provide protection from the elements (dust, sand, and water) as well as from tumbles or other accidents. A good percentage of secure drives are also ruggedized; we think of encryption and ruggedization as two sides of the same coin. We have a separate roundup of rugged drives at the preceding link. Whether drive ruggedness is important depends entirely on your use case. If you seldom take your external drive outside of your home or office, it may not be a priority. But if you’ll be using it, say on an oil rig or in a wilderness video shoot, you’ll want some defense against water, sand, or soil getting into the drive.
(Credit: Molly Flores)
Sand-fast and water-fast drives usually carry a two-number ingress protection (IP) rating. The first number, ranging from 0 (no protection) to 6 (complete protection) rates the drive’s imperviousness to dust and particulate matter. The second number rates protection from water ingress, with 8 indicating that the drive can survive being immersed in more than one meter of water. Some drives are also drop-proof (impervious to falls), shockproof, or crush-proof (able to survive being run over by, say, a two-ton truck). The manufacturer’s description of a drive will specify an IP rating and other protections it offers. If no IP rating or other rating information is given, you can safely assume that the drive is not designed to be rugged.So, Which Secure Drive Should I Buy?Whether you want to encrypt a folder for personal or business files on your portable SSD, or you’re tasked with requisitioning hyper-secure drives for the NSA, you’ll find many options to choose from. At the minimum, all of the products here feature AES 256-bit hardware-based encryption. Some go no farther than encryption, while others add keypad or fingerprint access and a host of other protective features. Although it’s not strictly a security feature, many encrypted drives are also rugged, shielding the physical drive from storms, tumbles, or mishaps in the wild or on the factory floor. For more on safeguarding your data, check out our guides to the best backup software and the best security suites.
[ad_2]