Data security is a thorny issue since the right information in the wrong hands can lead to all manner of problems for companies and their employees.
The number of times news stories describe how vital information gets left on trains, lost in the post or stolen is far too numerous to count.
iStorage and its diskAshur range are storage devices designed to address the ability of people to misplace equipment, and the critical data on it, by securing the contents from those who end up with it.
The new iStorage diskAshur M² promises to keep the data stored on it protected from even the most determined data-thieves and accidental damage.
It isn’t a cheap item, so is it worth the extra cost to keep your data extra secure?
Price and availability
Most external SSD makers have given up with parts a capacity of less than 480GB, but iStorage incredibly makes the iStorage diskAshur M² in 120GB and 240GB, along with more useful 500GB, 1TB and 2TB. The UK pricing direct from iStorage is for these is £129, £149, £179, £249 and £429 respectively.
American pricing is $169, $189, $229, $319 and $559 for the same range of capacities direct from iStorage in the USA.
Wherever you are the iStorage diskAshur M² is easily one of the priciest sources of USB flash storage, but it has other virtues that might justify the premium.
Design and features
The iStorage engineers who designed the diskAshur M² took a classic approach to protect the drive; they created a metal sleeve that encompasses all but one end of the drive.
This approach provides extra strength against the drive being crushed, restricts the access of water and dust into the keypad and USB port (IP68 certified).
The downside is that for the drive to go into the sleeve it must have the cable removed, and iStorage considered this by providing a soft carry pouch with a pocket for the two USB cables they include to be carried.
One of these cables connects to USB-C and other to USB-A, with the drive end being the wide Micro-B variety in both cases.
Surely putting USB-C on the drive would have made more sense?
Using this device is straightforward enough, but with one significant twist. When you first plug it into a computer, the red LED under the ‘locked’ icon with light, indicating that access requires a code that is created when the drive if first initialised.
A correct PIN code must be entered to unlock the contents, at which point the green LED under the ‘unlocked’ icon will aluminate and the drive will be accessible through the computers operating system.
How long this access is available can be configured, and if the computer goes to sleep or the drive is removed, it is immediately locked.
Codes must be between 7 and 15 numbers long, and to increase the numeric possibilities the pad also includes a shift, and incremental and repeat sequences aren’t allowed.
Once a code is defined, all the files placed on the drive as subject to AES-XTS 256-bit hardware encryption, and therefore without that exact code they’re practically inaccessible to anyone, however much time or equipment that have at their disposal.
Actually, the security controls are more complex than we’ve just described. Because the first code that is created is an ‘Admin’ code meant for IT professionals to manage the device, and they can subsequently create ‘User’ codes enabling multiple people to use the device, but each with their a unique access code.
But we need to point out that numeric pads do have their limitations, not least that if a key fails even with the correct code access might not be possible. Humans also leave residue on the keys that give away what numbers are in the sequence, and they also have the inherent ability to forget a code that they use every day.
There is some acceptance of these issues in that a recovery code can be created by users, in case they forget their original one. And, the drive can be configured to exclusively operate in a read-only mode.
For fans of Mission Impossible, the administrator can also define a ‘self-destruct’ pin that as the name implies performs a Crypto-Erase on the drive (encryption key is deleted), deletes all configured PINs and renders all data stored on the drive as inaccessible forever.
Sadly, it doesn’t melt or emit smoke at this point, but you get the idea.
These safeguards don’t fix that the code might be seen being entered by others or recorded on a security camera, or based on the finger pattern guessed, but few systems are 100% infallible.
And finally, a word of warning for the forgetful. If a User entered their code incorrectly ten consecutive times, the code will be deleted, and cannot be used again. The drive then can only be accessed by entering the Admin code or One-time User recovery PIN, and if the Admin code is entered wrong ten times, all codes are deleted, and the contents will never be accessible ever again. Don’t say you weren’t warned.
Hardware and performance
The name, shape and size of the iStorage diskAshur M² strongly hint that inside is an M.2 2280 flash module. iStorage hasn’t provided any confirmation of that, merely an educated guess.
What the company has said is that the storage is connected to a Common Criteria EAL 5+ (Hardware Certified) secure microprocessor and that the whole assembly was flooded with epoxy resin during manufacturing. Getting the diskAshur M² open and through the resin would destroy the electronics inside, making that type of brute-force access impractical.
But, for those that expected that the M² part of this naming and the USB 3.2 specification implies that inside is an NVMe drive then be prepared to be massively disappointed.
The drive inside might well be of M.2 module origins, but it is most likely that it uses SATA technology.
There never was any point in putting an NVMe drive inside, because iStorage only gave this drive a USB 3.2 Gen 1 port, previously known as USB 3.1 Gen 1 or USB 3.0.
That interface only offers 5Gb/s of bandwidth and not the 10GB/s that USB 3.2 Gen 2 has, or the 20Gb/s that USB 4.0 and Thunderbolt 3 have at their disposal.
With just 5Gbits/s available to funnel all traffic from and to the drive, the maximum theoretical speeds are around 550MB/s.
Here’s how the iStorage diskAshur M² performed in our suite of benchmark tests:
CrystalDiskMark: 344MBps (read); 333MBps (write)
ATTO: 341MBps (read, 256mb); 333MBps (write, 256mb)
AS SSD: 326.79MBps (seq read); 320.6MBps (seq write)
AJA: 322MBps (read); 201MBps (write)
But, the burden of hardware encryption pushes the drive’s performance even lower than those numbers, as in our tests the iStorage diskAshur M² struggled to achieve its quoted 370MB/s, peaking at about 350MB/s.
Making it one of the slowest external SSDs we’ve ever tested.
The only upside here is that it can sustain the low level of writing speed practically indefinitely since the NAND cache will never become saturated at this speed. Not that this appreciably helps anyone trying to leave for a connecting flight in a hurry.
iStorage is one of those curious companies that often compete with itself. Good alternatives from the same maker are its diskAshur PRO² and diskAshur DT² models. These have FIPS 140-2 Level 2/3, NCSC CPA, NLNCSA BSPA and NATO Restricted level security credentials, where the diskAshur M² doesn’t offer all those certifications. It has FIPS 140-3 Level 3 (pending).
The diskAshur DT² built around hard disk technology, making them cheaper per GB but also slower. And, the diskAshur PRO² can be SSD or hard drive, with similar speeds to the diskAshur M² on the SSD line.
The critical advantage of the PRO² line is that the capacity can be up to 16TB for European customers, for those that have £3549 to burn. US users can get the 8TB model for $1919.
Beyond iStorage, this is a small market.
Samsung has the T7 Touch; a fingerprint controlled SSD with reading speeds up to 1050MB/s and write to 1000MB/s. The T7 Touch is much cheaper, but it doesn’t have the security certifications, pending or otherwise.
The Apricorn Aegis Padlock is at least FIPS 140-2 Validated and comes in sizes up to 4TB. But its pricing is more than iStorage, and it is only IP66 certified.
The same maker has the highly regarded Aegis Fortress 3.0, with capacities up to 16TB and similar speeds to the diskAshur M², but that is insanely expensive.
With so few products and makers in this market, why these items cost so much isn’t tricky to understand.
If you are in the market for secure storage that is relatively easy to use and the most credible threat to the contents is someone forgetting the unlock code, the iStorage diskAshur M² fits that role admirably.
We can’t help being impressed by how resistant to damage, water and dust it is, and if kept in its sleeve and case combination, it should survive most catastrophes.
The engineering of this device and the thought that went into the security side of this device is noteworthy and should be applauded. However, there are two significant issues with this product; performance and price.
The naming hints at an elevated performance level, and the iStorage promotional material declares ‘Lightning fast backwards compatible USB 3.2 data transfer speeds.’ The reality is that this drive is slow by modern USB connection standards and sedentary by Thunderbolt external drive expectations.
Compounding the performance issue is that it is also one of the most expensive per GB, at around 21p or 28 cents per GB for the 2TB model. And, the 2TB drive is the best value. Those crazy enough to buy the 120GB option are paying £1.08 per or $1.41 per GB.
To put that into perspective, a typical price for the faster (550MB/s) SanDisk 2TB Extreme Portable External SSD is $329.99 or $329.01 cheaper, having a cost per GB of just 12 cents.
The security features of this device are worth a premium, but surely that’s the same overhead for all drive capacities and not one that increases with the amount of NAND it is connected.
Overall, for those that like to keep their data secure as it travels around, and are happy to pay extra to make it so, the iStorage diskAshur M² does the job. But at this high price users should expect it to transfer data faster than this.