by galeforcewinds 3177 days ago
I'm a fan of the Apricorn Aegis encrypted USB drives (FIPS 140-2). In assessing the risks around critical offline storage, my primary concerns are that the data has an adequate backup, that no one vendor is entrusted solely with data protection, and a low barrier of accessibility so that the solution will actually get used.

The 8GB Aegis drives are around $80. Unlock is performed via PIN entry. The drives are small and have a sliding case to protect the PIN pad, making them pocketable. The hardware is capable of wipe upon failed unlock attempts. Pairing these drives with a software-encrypted filesystem reduces the likelihood that a single-vendor fault could allow bypass and data access. This is a strong option for primary always-on-hand instances of offline data, which could be paired with some other secondary backup option from another vendor (like paper in a safe, HSM or additional encrypted USB keys).

1 comments

Is there any information on how long the data can be expected to last on the device without usage?

When you start thinking about the storage of data offline over a decade, bit rot becomes a very real problem.