Secure Portable Drive

Hello Experts -

as a DR solution i am going to backup all critical company informations on an external drive. That drive will be stored at a bank safety deposit box.

I am looking for some recommendations of what kind of drive i should use.

I have the following requirements of the drive:

Minimum 500GB space
Shock Proof
Encryption (i would prefer a removable CipherKey)
Ultra potable (USB Powered)
Hi-Speed USB

Can you recommend me some products that match those requirements?

Thank you!
Martin GerlachConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I'd use truecrypt for the encryption, you can double encrypt and store as a file on a seperate usb device, a key/certificate to access the data if you don't want to use a password.
If you do choose a password, choose a long password like ({!this is my password because it's easy to remember and hard to guess})!

I'd use a 2 Tb Mirror edition, as it's an external raid box. (Western Digital.) rather than a laptop drive.

Super portable, look at maxtor black armor if you want hardware encryption.

Almost any drive you choose will work for the job, and if you encrypt the device with truecrypt, it's readable on multiple platforms including linux, windows, mac.
Martin GerlachConsultantAuthor Commented:
Whats the model # for the 2TB mirror edition? How about shock proof, from what i saw so fat non of them are.
dbruntonQuid, Me Anxius Sum?  Illegitimi non carborundum.Commented:
1 or 2 Tb ruggedized USB

But not USB powered.  These need an AC adaptor to power them.

I'd not recommend a USB powered drive.  Many of those require 2 USB connections to ensure sufficient power.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SolarWinds® Network Configuration Manager (NCM)

SolarWinds® Network Configuration Manager brings structure and peace of mind to configuration management. Bulk config deployment, automatic backups, change detection, vulnerability assessments, and config change templates reduce the time needed for repetitive tasks.

I would not use any hard drive.  It would suck to need the data and find out that you have a corrupt backup drive.

Use optical media if possible and use a backup scheme that alternates at least twice per week.  DVD or BD disks are cheap enough to do this.  Also, this allows you to keep a history of backups in case you need to go back to the week of <> to retrieve data.  A backup drive won't allow you to do that.

Martin GerlachConsultantAuthor Commented:
Its for DR so we wont need to keep a history, i'll get two drives and they will be switched out with a full backup every two weeks. The Backup is around 400GB so using DVD or BD is not an option. Thanks though.
Martin GerlachConsultantAuthor Commented:
How about this one? Anyone ever used this model? i am not sure what i think about the biometric system, never used one. Is this technology reliable enough to use it for critical production systems yet?

LaCie Rugged Safe hard drive - 1 TB - FireWire 800 / Hi-Speed USB
Mfg. Part: 301490  |  CDW Part: 2111300  |  UNSPSC: 43201803
Anything that has moving parts is going to be more prone to risk.  If you are going to do it with external hard drives, I agree that you should use two.  

The only other solution, though, is tape and that gets very expensive.  

I don't know of any issues with biometric.  Just make sure that there are backups to access the data.  One common issue with encrypted systems is not having a backup of the encryption keys.  When the primary copy gets lost or damaged, the data is lost.  This is true for biometrics as well.  Just make sure there is a fail safe.

Good luck.
Biometric during a disaster, may not work. Depends on the person whose features were used to encrypt. Even then, as a disaster recovery backup, the device should be stored at a geographically distant location with access to an alternate person who is at the distant location. Therefore, the minimum should be 2 devices rotated.
Safety deposit boxes are only "safe" becuase there's a security guard during business hours and cameras & sensors at night.  A short crowbar will pop the door.  And, most vaults (because of mass and building codes) are located on ground floors or lower.  So, flood during a disaster will destroy that part of your DR plan.

There's no protection from water, heat, or humidity.  Also, there are banks with deposit boxes that are in a locked room, not in an actual vault.

The locks are generally soft metal, so they can be drilled/cut easily without damaging the face of the deposit box.  Very cheap to replace a lock when the key is lost...cheaper than replacing a door or entire module.

Not trying to rain on your parade, but I have a vault.  I would never think about putting data storage inside it.  If there's a'll never be able to get the data out.  Unless you bring in the torches and hydraulic jacks.  At which point, you are creating and environment not suitable for storing hard drives, tapes, or even optical media.
Martin GerlachConsultantAuthor Commented:
@rfportilla - Wouldn't the encryption key be the fingerprint? So unless all users who did the fingerprint are gone i should be fine? The device supports up to 8 fingerprints and i intend to use all of them.

@ gtkfreak - Yes, we will use two drives and rotate them every two weeks. The Off-Site Location where the drive will be kept is a Bank in a different state.

@ aleghart -Not sure if i understand, are you saying a bank is not save to store a backup drive?

Thanks for all the feedback guy's.
A vault is designed to keep people out, not to allow access.  There are probably less than a dozen people that can open it.  A deposit box normally has only two keys and maybe 2-3 authorized users on the signature card.

I'm a disaster scenario, what are the odds your company will get access to the vault, and actually have a key holder available to open your box?

Also, most large vaults are timelocked from Friday evening until Monday morning.  That's a significant period of time to lose access to your data.   Those hours are a prime time for backup/recovery.

If there's an earthquake or flood, it could be days or weeks before you gain entrance to a damaged or buried vault.

Think of it this way...would you lock up emergency food, water, and medicine in a vault?  If you really need them in an emergency, you most likely cannot get them immediately.  If you're storing family don't need access immediately.

So, for once a month data dumps , it might be good insurance if your location is in a different geographic region.  For frequent data backup, it might not be accessible, and be subject to the same disaster that your facility experiences.

I'm coming from the perspective of the facility/vault.  Don't know where this falls in your DR scenario.  Just thought you should know what the bank manager should be telling you about the vault.
as far as shock value goes, the WD My book edition is tested able to be dropped from a height of 6 feet.
(Not while running)

But with the mirror edition having 2 hard drives, you could damage one of them and still have all your data secure.

Have you thought about cloud services for actively syncing your data with high encryption to keep your data set fresh on either just a virtual drive, or a virtual server with sync services so if the main server goes down it will automatically rollover to the one in the cloud?

As far as security goes, bank vaults are a great place to store data, except for hours of operations.

If the data is encrypted correctly, even if someone accessed the drive physically, or stole the drive there's little to no chance of breaking a proper encryption scheme.

You could get a SSD in SATA and Mil spec for rugged ability aspects, but you would have to use more than one, and they are not cheap.

However, if you made a Raid Array out of 3 external ESATA drives on a custom built computer to dump a backup to, then pulled the drives and swapped them out with the unit off, and turned the computer on, you could pull the 3 drive raid 5 set and put them in the vault.

This would yield the highest speed for your backup if it was on the server itself (You could reach speeds of 5Gb/s or so) If you installed truecrypt on the partition spread amongst the 3 drives in the RAID, Even if it was stolen nobody without knowing they were in a raid would even be able to read the drives and even if they knew they were RAID drives they would not be able to mount them without the correct RAID card.

The great part of this solution is, if the server crashes, you could have a live backup already onsite as the data could be mirrored to the RAID during operations.

Down side is that if it's on the server, once per week you would have to reboot and change the external SATA drives out.

If they are on a separate computer you would only have to take that secondary computer down and the sync would happen as soon as you booted up and typed in the encryption key, or with certificates, the sync would begin as soon as the unit booted up.
>As far as security goes, bank vaults are a great place to store data, except for hours of operations.

Physical security...maybe.  But there's no environmental protection, and no access allowed during or after a natural disaster.  Keeping multiple copies is geographically separate areas...yet still accessible...and with keys available to more than two people....would negate the need for a large steel door.

Don't get me companies like vaults when they're insuring millions of dollars of real goods.  For data...not so much.  What good is a drive if it's buried or damaged by water, or if the only people with keys are nowhere to be found.

Data as an asset should be held to standards beyond the 18-19th century.  :)

But, I do understand that some people get safety deposit boxes for free with their bank accounts.  Free always looks good.
Martin GerlachConsultantAuthor Commented:
@ aleghart: - What is your suggestion for an Off-Site backup? Data volume is 400GB and data should be updated every two weeks. Online storage solutions are to expensive for my client.
Online was first thought.  Owned server in an offsite, but high-bandwidth connection (like remote office) was another.  When it comes to costs, that free safety deposit box beats out anything else.  But, your DR plan should take into account losing access to your backup data.  Like I said, I coming from the direction of the vault...even a decent-sized earthquake or civil unrest could lock you out of that data, where online storage could be accessed from an alternate location.

If your business is local-only, and you can't operate without local economy, then setting up a secondary operation site in another state wouldn't work for you.  Then it might not matter if you data is locked up until the disaster subsides.
Martin GerlachConsultantAuthor Commented:
OK, the office is located in NYC, so earth quake or flooding isn't areal concern for me. I was thinking more about Fire, Theft and explosions. The Bank is located in a different state so its out of the danger zone. Thank you all for the great feedback. You guys know what you are doing.
Regarding the encryption key being a fingerprint, not necessarily.  The fingerprint is converted into a digital representation which is converted into a private key and stored.  

1. What if the key storage becomes corrupt?  There should be a backup and recovery system or an alternate method of decrypting the data.
2. What if the person who's thumb was used is unavailable?  There should be multiple trusted users who can access the data.

There should be alternate ways to get to the data.  More complex biometric systems will allow storing and recovering keys along with multiple users.  I wouldn't imagine that a biometric security system on a portable hd would be that advanced.

Also, depending on how they decide to implement it, especially in a multiple user setup, they may use a completely different key for encrypting the data, in which case, that key has to be backed up.  It can get complicated.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.