Review of the iStorage datAshur Pro2, an encrypted thumbdrive for home and work

With all of the data leaks being announced on a daily basis, many people have decided that they would rather host their own data in order to maintain control. While there are many options, such as NAS devices, sometimes you may want access to your files anywhere you are, regardless of an Internet connection, so a portable storage device is something to consider. But once the device leaves the house, what happens if you accidentally lose it or your laptop bag is stolen?

Back in 2018, I took a look at the iStorage diskAshur PRO2, a secure portable hard drive that encrypted all data on the device. Today, I’ll take a look at the iStorage datAshur PRO2, a device that provides similar functionality to the diskAshur PRO2, only in a small USB thumbdrive form factor that you can easily put in your pocket and carry with you.

Specifications

The datAshur PRO2 comes in different capacities, from 4GB (priced at £49/$59) all the way up to 512GB (priced at £369/$468). Our review unit, provided by iStorage, was the 256GB model, priced at £279/$358.

Dimensions (HxWxD) 3.44″ (87.40mm) / 0.76″ (19.40mm) / 0.53″ (13.40mm)
Weight 1.3 oz / 37g (with sleeve), 0.99 oz / 28g (without sleeve)
Battery

3.7V Li-Polymer Rechargeable Battery

Interface

USB 3.2 Gen 2 SuperSpeed USB

The device’s housing is made of a rugged anodized aluminum, and the case that goes over it has a rubber gasket to make the datAshur PRO2 waterproof, giving it an IP58 certification.

The USB drive contains a rechargeable battery. This lets you type in the PIN and unlock the device before connecting the datAshur PRO2 to a USB port on your computer. Since all of the encryption and decryption is done on the thumb drive itself, the datAshur PRO2 can be used on Windows, Mac, and Linux without the need to install any drivers. If the battery dies from lack of use, you can still plug it into a computer and unlock the drive while it’s charging.

If you’re paying for an encrypted drive, part of the cost is related to obtaining security certifications, and the datAshur PRO2 has a lot of them. Or rather, is in the process of obtaining a lot of them. Unfortunately it’s hard to tell which ones have been completed and which ones are currently in process. Let’s explore those certifications in the next section.

The buttons on the device are the main interface, and they have a polymer coating to prevent the keys from smudging, which would tip off an attacker as to what keys are frequently pressed to unlock it.

Security Features

If you’re looking for cheap and portable storage, but don’t care about security, then there are far better solutions in the market for you that come in at much cheaper price points. If you require your data to be secure, then the datAshur PRO2 shines.

The website lists the following certiifcations/validations for the datAshur PRO2: FIPS 140-2 Level 3, NCSC CPA, NLNCSA BSPA & NATO Restricted Level. However it’s hard to tell which of these the product has completed, and which are still pending review by the official agencies. For example, the device does not yet have FIPS 140-2 Level 3 validation, although the design itself is compliant. If this distinction is important to you for purchasing, you’ll want to wait a little longer for NIST to complete its review. The company has other products that have been approved, so I suspect it’s only a matter of time before the datAshur PRO2 is validated as well.

One of the main physical features that will allow iStorage to obtain FIPS 140-2 Level 3 validation on the datAshur PRO2 is the fact that the components within the device are covered in an epoxy resin. This makes physical attacks against the hardware nearly impossible without damaging the components, and is also used as evidence that the device has been tampered with.

The datAshur PRO2 is a great solution for enterprise environments due to the ability to whitelist the device. This allows a company to lockdown what external storage devices are allowed to connect to the corporate network and prevent someone from, for example, connecting a rogue USB thumbdrive that may have malware on it, while allowing approved devices. Unfortunately, my test lab does not have the ability to test this functionality.

The device has a concept of both an admin and a regular user account. The admin account allows you to setup features on the datAshur PRO2, such as password complexity, create a one-time recovery PIN, set the device as bootable, or make the device read-only to users. The user account only allows someone to read/write data stored on the device, and of course, only the admin can create users.

Another interesting feature of the datAshur PRO2 is the concept of a “self-destruct” PIN. If configured, you can simply type in the code to automatically delete the encryption keys and the data from the device. While this feels very spy-like, it’s better to have the feature and not need it than need it and not have it.

While the datAshur PRO2 has a lot of features available, you will probably want to keep the manual nearby because memorizing all of the keypresses required to set things up or check the status is pretty much impossible. However, the PDF, which is included on the drive itself when you first get buy it, is very informative and has clear instructions on what to do and how the device will respond, as shown in the example above. In addition, unlocking the device is what you’ll be doing the most, and that’s a simple process to perform.

Performance

Since the datAshur PRO2 supports a USB 3.2 Gen 2 SuperSpeed connection, I expected the performance to be great and I was not disappointed.

While I normally test NAS systems using a RAM-disk in order to reduce latency, I went with a more “real-world” test here of simply copying files my Samsung 970 EVO Plus NVMe drive to the datAshur PRO2. Since the drive can read and write at over 3,300 MB/sec, we’ll definitely only be limited by the USB bus and the USB drive itself.

According to the specs on the iStorage website, you can expect a maximum of 168 MB/sec when reading files from the device, and 116 MB/sec when writing files to to the device.

After doing my normal battery of tests – namely, copying a multi-gigabyte file to/from the device and copying hundreds of multi-megabyte files to/from the device, I was roughly hitting those numbers. When connected to a USB 3.0 or better port, a simple drag-and-drop copy would always consistently show 116 MB/sec when writing files to the datAshur PRO2 and 130 MB/sec when reading from the datAshur PRO2. When connected to an older USB 2.0 port, performance was consistently throttled at 40 MB/sec for all of the tests.

Running a benchmark in CrystalDiskMark provided even higher throughput values, with a consistent 140 MB/s sequential read and 128 MB/s sequential write speeds. As expected, random read/write speed was considerably slower, clocking in at only 17 MB/s read and a maximum of 12 MB/s write.

While it would’ve been nice to see the device take full advantage of the USB 3.2 performance, these speeds are still reasonable and iStorage delivers what it promises.

General Use

Unlike a regular flash drive, if you plug the datAshur PRO2 into a USB drive, nothing happens. In order to access the drive, you have to first unlock it. This process consists of holding the shift key down on the drive to wake it up, then pressing the unlock key, followed by your PIN code. The red light under the locked padlock lights up when the datAshur PRO2 is awake, and the unlocked padlock and letter A (administrator) start flashing after you press the unlock key. Once unlocked, you have 30 seconds to plug the device into a computer before it automatically locks itself again. Alternatively, you can plug the device in first and then unlock it.

The keys themselves are only slightly raised, but have a nice tactile response when pressed, making it easy to know you’ve successfully engaged it. In all of my testing, I never once accidentally pressed the wrong button.

When in the unlocked mode and connected to a computer, the datAshur PRO2 stays unlocked until it’s removed from the USB port or the computer is rebooted. During this time, it acts just like a regular flash drive you’d connect to your PC.

The one minor quibble is that when you pull the flash drive from its protective sleeve, you have to make sure you don’t misplace it. The datAshur PRO2 is only waterproof when in the sleeve, due to the rubber gasket, and the sleeve also protects against accidental button presses.

Conclusion

There’s an old adage in technology: Good, Fast, Cheap, pick two. It’s clear that iStorage went in with the strategy of creating a good and fast product, but as I noted earlier, that means the device is not cheap, especially at the larger capacities.

If you’re just looking for a USB flash drive to store some generic data, then you probably won’t be interested in the datAshur PRO2. It’s a little bigger than a normal drive and a lot more expensive, especially as you look at the larger capacity drives. However if you’re looking for a well designed, well performing, and very secure thumb drive to store sensitive data, you can’t go wrong with the datAshur PRO2. In addition, if you’re only looking to keep some sensitive documents that don’t take up a lot of space, the four gigabyte version is only $59, which is a great price considering the level of security the device maintains.

Report a problem with article