iStorage diskAshur M2 encrypted external SSD storage review
- Encrypting and unencrypted valuable data are fast, reliable, and the hardware is bombproof
- All configuration and options are only accessible through the keypad’s small buttons
- If you need to transport sensitive data, this is one of the easiest ways to do it
The first rule of cybersecurity is that you will get hacked sooner or later. The second rule of cybersecurity is that no-one believes rule one until… they get hacked. If you value the information your organization holds, you will take all necessary steps to prevent it from falling into the wrong hands.
And while sending files to the cloud can be done relatively safely these days, sometimes when information needs archiving or moving somewhere else, there’s simply no substitute for physically moving it from A to B. Some people call these types of data transfers “sneakerware”; at TechHQ, we call it common sense.
Where sneakerware fails is when the carrier of the precious media (on which the entire organization’s payroll details exist, for example) leaves the USB stick in the back of an Uber or lets their kids copy their schoolwork onto the external drive.
If you need to encrypt information to move it offsite, there are countless applications and services that can obfusticate your precious files for you. Then it is just a matter of moving the encrypted information onto an external USB disk drive or thumb drive. Unfortunately, the media in a typical external drive is not usually of the best quality, and nor is the drive immune from being reformatted or wiped — either by accident or design.
Introducing the iStorage diskAshur M2
That’s where the iStorage diskAshur M2 comes in. The model we tested holds 500GB (there are options available from 120GB to 2TB) on a fast Flash drive that only unlocks its contents after the user has physically punched in a 7-15 digit PIN on the top of the drive. Only then is the data unencrypted by the built-in hardware, and from that point on, the drive works just like any other (though it can be set to be read-only if required). Users can drag & drop files and folders onto the drive as they would any other. Then, when it’s time to go, the drive is ejected, and the onboard hardware encrypts all the information stored.
This system’s beauty is that there is no need for any encryption software on the device the drive attaches to. This means that the diskAshur can be connected to phones, thin clients (like Citrix or Xen), desktops, virtual machines, or servers, with no software installation required. It will “just work.”
The encryption onboard also meaning that the diskAshur M2 is entirely platform-agnostic — albeit as far as an external drive is. Formatting the drive to exFAT will provide the greatest degree of cross-platform compatibility; more esoteric file systems will not be so readily accepted. However, that particular problem has nothing to do with the diskAshur, of course; cross-compatibility of file systems is a perennial problem in multi-OS environments.
The security chip at the heart of the diskAshur M2 uses an encryption key protected by FIPS-validated algorithms and uses AES 256 specifications. There are also protective measures baked into the device’s firmware that prevent brute-force attacks, although given that a seven-digit PIN is the minimum code length required, no-one is going to get lucky by randomly hitting a few combinations.
The diskAshur M2 comes in a reasonably stiff shell case that zips up, rather like a small spectacles case. There is webbing on the inside to hold (the included) USB A and USB C cables. There is a multilingual quick-start guide too that covers set-up and basic locking routines, and with that, you are good to go. The only possible missing component for even more cross-compatibility would be a USB A/C to micro-USB adaptor. Still, they are literally only a few cents if you absolutely need one.
The drive itself is cased in a rigid, light metal overcoat, and where the cover joins the drive itself, there is a watertight rubber seal, certified to IP68. That means that you might not be able to take the diskAshur deep-sea diving, but it will withstand most immersions and rain showers.
Build quality overall is good, and the unit feels solid and reliable. Once it’s inside its metal jacket and then the rigid zip-up case, the whole package feels solidly protected. Even when naked the drive withstands drops of up to 4m (its makers, iStorage claim).
Our tests found that the drive takes around 5-8 seconds after the correct PIN is entered to become ready to use — no great inconvenience. Unmounting and ejecting the drive was much faster than after insertion. From the drive becoming ready, read-write speeds were in the ballpark for non-encrypted drives.
Where a vanilla external SSD ran at about 250MB/s read/write average over five tests, the diskAshur achieved around 235MB/s.
The diskAshur specs state “up to 370MB/s”, which is possibly achievable under pristine circumstances and when better quality USB cables. But as a working drive (rather than one of a pool of disks with dedicated cache), the performance was very much up to par.
All commands to access the diskAshur’s features are made through the on-device numeric keypad, and feedback is via three colored LEDs (blinking, flashing quickly, on, off). Numerous options can be set up on the device, including different user “accounts,” each with their own credentials and whole-disk read/writes privileges.
There are also options that can be set for timeouts, an emergency recovery PIN, brute force recovery settings, and firmware update settings.
The instructions are well-written and presented (available as a PDF from iStorage). Our only criticism is that some operations time out too quickly, such as setting up PINs for other users. But after some trial and error, we were able to navigate around the various options reasonably easily.
The slight inconvenience of having to tap in codes on a small keypad is offset by the lack of need for locally installed management software. Instead of worries about system compatibility, OS, version of Java Runtime installed, and so on, all operations can take place wherever the drive happens to be plugged.
As part of a sensibly-designed backup and cybersecurity system, moving sensitive data around the organization or offsite via an encrypted device is an excellent idea — although this device or anything like it should never be the sole means of data recovery.
The diskAshur M2 strikes a good balance between rugged construction, platform-agnostic use, and encryption standards without resorting to local software or unreliable fingerprint sensors on USB drives. Its everyday use is simple enough but not entirely trivial, which, we feel, is also a good compromise between the level of protection and ease-of-use.
We can envisage the iStorage DiakAshur M2 being used to move critical information from offices to home workstations or being dropped into hand luggage to take blueprints, reports, or confidential briefings along on a trip.
For organizations that pride themselves on security, the diskAshur could be standard issue. It only takes one forgotten drive on the last train home to throw away the best-laid plans of well-paid cybersecurity professionals. And like being hacked, you won’t believe it happens, until it happens to you.
7 December 2021
25 October 2021
12 August 2021