Secure Portable Drive

I'd use truecrypt for the encryption, you can double encrypt and store as a file on a seperate usb device, a key/certificate to access the data if you don't want to use a password.
If you do choose a password, choose a long password like ({!this is my password because it's easy to remember and hard to guess})!

I'd use a 2 Tb Mirror edition, as it's an external raid box. (Western Digital.) rather than a laptop drive.

Super portable, look at maxtor black armor if you want hardware encryption.

Almost any drive you choose will work for the job, and if you encrypt the device with truecrypt, it's readable on multiple platforms including linux, windows, mac.

Whats the model # for the 2TB mirror edition? How about shock proof, from what i saw so fat non of them are.

I would not use any hard drive.  It would suck to need the data and find out that you have a corrupt backup drive.

Use optical media if possible and use a backup scheme that alternates at least twice per week.  DVD or BD disks are cheap enough to do this.  Also, this allows you to keep a history of backups in case you need to go back to the week of <> to retrieve data.  A backup drive won't allow you to do that.

Its for DR so we wont need to keep a history, i'll get two drives and they will be switched out with a full backup every two weeks. The Backup is around 400GB so using DVD or BD is not an option. Thanks though.

How about this one? Anyone ever used this model? i am not sure what i think about the biometric system, never used one. Is this technology reliable enough to use it for critical production systems yet?

http://www.cdw.com/shop/products/LaCie-Rugged-Safe-hard-drive-1-TB-FireWire-800-Hi-Speed-USB/2111300.aspx

LaCie Rugged Safe hard drive - 1 TB - FireWire 800 / Hi-Speed USB
Mfg. Part: 301490  |  CDW Part: 2111300  |  UNSPSC: 43201803

Biometric during a disaster, may not work. Depends on the person whose features were used to encrypt. Even then, as a disaster recovery backup, the device should be stored at a geographically distant location with access to an alternate person who is at the distant location. Therefore, the minimum should be 2 devices rotated.

Safety deposit boxes are only "safe" becuase there's a security guard during business hours and cameras & sensors at night.  A short crowbar will pop the door.  And, most vaults (because of mass and building codes) are located on ground floors or lower.  So, flood during a disaster will destroy that part of your DR plan.

There's no protection from water, heat, or humidity.  Also, there are banks with deposit boxes that are in a locked room, not in an actual vault.

The locks are generally soft metal, so they can be drilled/cut easily without damaging the face of the deposit box.  Very cheap to replace a lock when the key is lost...cheaper than replacing a door or entire module.

Not trying to rain on your parade, but I have a vault.  I would never think about putting data storage inside it.  If there's a disaster...you'll never be able to get the data out.  Unless you bring in the torches and hydraulic jacks.  At which point, you are creating and environment not suitable for storing hard drives, tapes, or even optical media.

@rfportilla - Wouldn't the encryption key be the fingerprint? So unless all users who did the fingerprint are gone i should be fine? The device supports up to 8 fingerprints and i intend to use all of them.


@ gtkfreak - Yes, we will use two drives and rotate them every two weeks. The Off-Site Location where the drive will be kept is a Bank in a different state.

@ aleghart -Not sure if i understand, are you saying a bank is not save to store a backup drive?

Thanks for all the feedback guy's.

A vault is designed to keep people out, not to allow access.  There are probably less than a dozen people that can open it.  A deposit box normally has only two keys and maybe 2-3 authorized users on the signature card.

I'm a disaster scenario, what are the odds your company will get access to the vault, and actually have a key holder available to open your box?

Also, most large vaults are timelocked from Friday evening until Monday morning.  That's a significant period of time to lose access to your data.   Those hours are a prime time for backup/recovery.

If there's an earthquake or flood, it could be days or weeks before you gain entrance to a damaged or buried vault.

Think of it this way...would you lock up emergency food, water, and medicine in a vault?  If you really need them in an emergency, you most likely cannot get them immediately.  If you're storing family jewels...you don't need access immediately.

So, for once a month data dumps , it might be good insurance if your location is in a different geographic region.  For frequent data backup, it might not be accessible, and be subject to the same disaster that your facility experiences.

I'm coming from the perspective of the facility/vault.  Don't know where this falls in your DR scenario.  Just thought you should know what the bank manager should be telling you about the vault.

as far as shock value goes, the WD My book edition is tested able to be dropped from a height of 6 feet.
(Not while running)

But with the mirror edition having 2 hard drives, you could damage one of them and still have all your data secure.


Have you thought about cloud services for actively syncing your data with high encryption to keep your data set fresh on either just a virtual drive, or a virtual server with sync services so if the main server goes down it will automatically rollover to the one in the cloud?

>As far as security goes, bank vaults are a great place to store data, except for hours of operations.

Physical security...maybe.  But there's no environmental protection, and no access allowed during or after a natural disaster.  Keeping multiple copies is geographically separate areas...yet still accessible...and with keys available to more than two people....would negate the need for a large steel door.

Don't get me wrong...insurance companies like vaults when they're insuring millions of dollars of real goods.  For data...not so much.  What good is a drive if it's buried or damaged by water, or if the only people with keys are nowhere to be found.

Data as an asset should be held to standards beyond the 18-19th century.  :)

But, I do understand that some people get safety deposit boxes for free with their bank accounts.  Free always looks good.

@ aleghart: - What is your suggestion for an Off-Site backup? Data volume is 400GB and data should be updated every two weeks. Online storage solutions are to expensive for my client.

OK, the office is located in NYC, so earth quake or flooding isn't areal concern for me. I was thinking more about Fire, Theft and explosions. The Bank is located in a different state so its out of the danger zone. Thank you all for the great feedback. You guys know what you are doing.

Regarding the encryption key being a fingerprint, not necessarily.  The fingerprint is converted into a digital representation which is converted into a private key and stored.  

1. What if the key storage becomes corrupt?  There should be a backup and recovery system or an alternate method of decrypting the data.
2. What if the person who's thumb was used is unavailable?  There should be multiple trusted users who can access the data.

There should be alternate ways to get to the data.  More complex biometric systems will allow storing and recovering keys along with multiple users.  I wouldn't imagine that a biometric security system on a portable hd would be that advanced.

Also, depending on how they decide to implement it, especially in a multiple user setup, they may use a completely different key for encrypting the data, in which case, that key has to be backed up.  It can get complicated.