Recent research suggests most data breaches involve mobile users, and there is little doubt that the loss or theft of smartphones and USB sticks is a major security headache for IT managers.
The storage capacity of USB or eSATA drives can be as much as 64GB, making it easier to take large data files out of the office. Capacities are set to increase further this year, with systems touted to hit half a terabyte.
Although filling existing drives at USB 2.0 data transfer speeds can take a long time, which acts as a disincentive, that will change when USB 3.0 devices, which have a theoretical data transfer speed of 5Gbit/s, become mainstream.
One solution to the increasing security risk is to ban the use of USB or eSATA drives. In extreme cases firms have been known to seal USB ports with glue. However, such a ban is likely to reduce the effectiveness of mobile and remote staff.
The other solution is a managed system, such as BlockMaster SafeConsole, a cloud-based or on-premise web application that can be used to set up policies to manage USB devices. SafeConsole can enforce password policies, audit USB device use, and back up and encrypt data onto BlockMaster’s servers.
To assess BlockMaster’s SafeConsole system we used it to manage an 8GB Kingston Data Traveler Vault Privacy – Managed (DTVP-M), one of only a limited range of USB devices that will work with the application.
DTVP-M comes in five capacities – 2, 4, 8, 16 and 32GB – with a five-year warranty and 24 x 7 support.
Install
For the purposes of this test, we signed up for a 10-day trial of the cloud-based SafeConsole. This can be set up in two ways, either by deploying the devices through Active Directory Group Policy, or with a manual install of the registry keys and a certificate installation that lets the USB device connect to BlockMaster’s cloud-based SafeConsole server. Administrators put a password on the device at this time.
We opted for the manual method since it showed what steps are needed to set up a device. Since only one device was being set up, the process took only a few minutes to complete. Deploying through Group Policy would allow several devices to be rolled out quickly.
We used our Labs Dell OptiPlex 980 desktop system for the setup, after which the USB device was ready for use.
Operating system support is Windows only, with all Microsoft’s current business operating systems supported – XP Professional (SP2/SP3), Vista (SP1/SP2) and Windows 7 Business, Enterprise and Ultimate.
Device usage
The DTVP-M USB device has two partitions, although when it is inserted into a USB port users will see only the Kingston Login partition, not the secure data partition where they can save their data.
Running the DTVP-M launch application prompts for a password to connect to the BlockMaster SafeConsole web application to authenticate, after which users are allowed access to the secure data partition on the device [see picture].

In use, the Kingston DTVP-M device worked well, and we had no problems transferring data to the device.
Management roles
There are three different roles users can assume for managing their deployed USB devices: Administrator, Manager and Support, each of which requires a different password to connect to the BlockMaster SafeConsole web application.
The Administrator role gives access to all the SafeConsole management functions while the Manager and Support roles give access to a subset of those tasks, so less important tasks can be delegated to lower level IT staff.
Administrators can access a configuration overview for setting and managing USB device configurations, and an organisational overview to check which device configurations have been set for specific departments of the organisation (called organisational units by BlockMaster).
There are also options to audit device usage, access and install certificates and view and update the BlockMaster licence if required.
Managers can do all the above, but do not get access to the certificate management option, while the Support role can’t access the configuration or organisational overviews.
Configuration overview
The configuration is the heart of the device management service, allowing IT staff with administrator roles to change the settings: security configurations, device administrator tools and organisational configurations [see picture].

For example, options in the security configurations tab allow device administrators to set the password policy, how long the device can remain inactive (for security reasons), what program(s) (if any) should auto-run when the user initially logs on, and what file types are allowed on the device for security reasons.
The device audit option allows administrators to check when people log onto the BlockMaster SafeConsole server to use the device, while a file audit trail logs which files are created on and deleted from the device.
Organisational overview
This view gives information on which devices are being used by specific people in the organisation, and also what configurations pertain to the specific departments in the business. Different configurations will apply to different departments. Users who take the devices out on the road will likely have more security options applied to that configuration [see picture].

Data transfer speeds
We checked the data transfer speeds of Kingston’s DTVP USB 2.0 Flash drive using the industry standard ATTO disk benchmark. It gave an 11MB/s sequential read speed and a 27MB/s sequential write speed, standard for USB 2.0 devices [see picture].

Conclusions
A comprehensive solution from BlockMaster with many options allowing enterprises to retain control of their deployed USB devices, which should go some way to calming enterprise fears about data loss through users misplacing these small, removable devices or having them stolen.