Encrypted Flash Drives Guidance
Faculty and staff should contact their local IT support staff or ITS for assistance with encrypted flash drives.
Overview
Before proceeding with an encrypted flash drive, determine if the information to be saved on the device will contain any of the University’s Sensitive Information (SI). If the data might contain sensitive information, please contact your IT Department’s Information Security Liaison (ISL) or ITS via 962-HELP to address any questions or concerns. Sensitive Information must be stored in services or on devices that meet or exceed the minimum standards addressed in the University’s Information Security Controls Standard.
What is an Encrypted Flash Drive?
An encrypted flash drive is a small storage device, also known as a USB “flash” or “jump” drive, that has been encrypted to prevent other people and computers from viewing or accessing the data. Unlike a standard flash drive, the data is properly encrypted and cannot be read by anyone else without the password or PIN, or without using an authorized computer that is able to access the data. Windows, Apple (OSX / Mac OS) and Linux computers can easily connect to them. The computer may need to install software the first time a flash drive is plugged into a USB port on the computer. An encrypted flash drive may also have a keypad on it.
Encryption works by effectively scrambling the data on your flash drive so that only you have the ability to unscramble (decrypt) and access the data. If the device is lost or stolen and your data was properly encrypted, it is not possible for anyone else to access the data or view the information.
Supported Technologies
The encrypted flash drive should be FIPS 140-2 Level 3 certified and use AES 256-bit encryption in XTS mode.
Can an Encrypted Flash Drive be Infected or Damaged by Malware? Yes.
Encrypted flash drives are vulnerable to malware, especially if your computer is not kept up to date. For example, if ransomware is installed on your computer and it encrypts the data on your flash drive, you will not be able to view or recover your data. If you suspect that ransomware or any type of virus/malware may be installed on your computer(s) or flash drive, please contact your local IT support staff or 962-HELP. To help prevent infections and loss of data, install anti-malware software on all computers and run scans regularly on both the computers and the encrypted flash drive. Apply updates and patches to all computers and devices as soon as possible. This includes updates for your computers and any related devices such as an encrypted flash drive. A flash drive should never store the only copy of any important files.
Examples of Recommended Encrypted Flash Drives, FIPS 140-2 Certified Devices
- Kingston IronKey DataTraveler 4000G2
- Kingston IronKey D300
- DataLocker Sentry 3 FIPS
- Kingston IronKey S1000 Basic
Additional Considerations Compared to Other Storage Options
- Flash drives do not provide the protections or fault tolerance that other storage offerings provide, such as OneDrive, SharePoint, network shares, home directories, storage.unc.edu (NAS) or Secure NAS (SecNAS). Physical damage or corruption of a flash drive is likely to result in the permanent loss of the data.
- Small portable devices such as flash drives are easily misplaced or stolen.
- The amount of available storage on a flash drive cannot be expanded.
Primary Factors Considered
- FIPS 140-2 Level 3, FIPS 197
- Keypad or Password
- Brute Force Lockout
- Tamper Protection
- Encryption Type / AES 256-bit / AES Hardware
- USB Level and Compatibility
Other Factors Considered
- Management Console
- System Compatibility
- Anti-Malware/EPP
- Warranty
Other Related Information
For information on the University’s Sensitive Information, such as Social Security numbers, passports, PHI/HIPAA and other types of information, please see UNC’s information classification standard.