December 13, 2010, 11:54 AM — Hollywood makes secure flash storage look easy. If the bad guy steals a thumb drive, it either blows up or some secret counterintelligence agency marshals the nation's resources in a no-holds-barred data hunt--most likely with Bruce Willis or Tommy Lee Jones working the streets. If the good guy steals the drive, it goes to a special-needs, special-deeds sidekick in a basement somewhere who cracks the code in 5 minutes.
That's the Hollywood treatment, but--exaggerations aside--it contains some elements of truth. Flash drive security is readily available, and some of it is free. Ease of use, however, is another matter.
Secure flash drives give security-conscious users a great way to transport sensitive information. And you can work directly off of such drives so that their top-secret data never resides in another location--except on a secure online backup service, of course.
Hardware vs. Software
The three basic approaches to securing data on a flash drive involve using software, hardware, or a combination of both.
The simplest, least expensive way to secure your data is to use a program such as 7-Zip to create encrypted archives on your flash drive. The obvious drawback of this method is that you must have the appropriate decryption software on any PC that you want to access the data from. (A portable version of 7-Zip is available, however.)
A slightly more elegant solution is Encrypt Stick, which also resides on the flash drive as a portable application but is designed solely for secure storage.
Easier yet is a secure flash drive that, upon being inserted into a PC's USB port, automatically runs software by tricking the operating system into thinking that you've inserted a CD. This software resides on a small CD emulation partition; the rest of the drive is used for storage. Variations on this approach run the gamut from simply providing access to the encryption program (as with the CMS Vault OTG) to hiding the data partition until you've run its control panel and entered a password to enable it (which is the method that IronKey Personal S200 uses).