StorageSafe is another offering in the removable-device security space. There are many products rubbing shoulders in this area, and the basics are pretty well covered. StorageSafe is not aimed at high-end environments, with key distribution and management features, but at quick and basic everyday data protection, which it does well.
The software is really little more than a GUI-driven encryption engine and device driver, putting a crypto frontend on to a driver which mounts removable drives. As such, it is small and quick to install, and very easy to use.
The GUI is clean and simple, with a list of identified removable drives (which updates immediately as you add or remove new devices) such as flash storage or external drives. Anything that Windows recognizes as removable storage, in effect, which will typically be USB and FireWire.
Double-click on a device and you'll get a default action based on its current status: "protect" if it is currently unprotected, "mount" if it is protected, or "unmount" if it is mounted. Three buttons at the top provide access to the same actions, and a more detailed menu with other options, but you will hardly ever need them.
When protecting a device, StorageSafe operates like most similar software, dividing the storage into public and private areas. Only passwords are used – no public keys or tokens are supported – but the software does take the step of warning you if your password is potentially weak. Actual encryption was quick, as was every other function of the product.
The public area is then left holding the product's installer so you do not have to depend on having the software installed on every machine you use.
We are a little nervous of this practice: installers (whether executable or MSI) can carry malware, and even without that concern some environments may not allow a visitor to install a new device driver. Depending on your situation, you might want to think carefully about how you use any software of this sort. The risks are low, but it is another attack vector to think about.
One day we'll review a product in this space which preserves files already on the device. But StorageSafe, like most, does not – it formats and does not copy back anything, but you can change the amount left unprotected. It defaults to 3MB, enough for the installer plus a bit left over.
The crypto certainly seemed to work. StorageSafe uses 256-bit AES to encrypt data, but also does some odd things to the filesystem, making it tricky to analyze. We found it was broken up into pieces, leaving only the public area as a recognizable filesystem which other systems will mount normally. Even analyzed in its raw state we could not recover anything from the protected area, nor deduce anything about what data might be stored there.
Mounting a protected drive is easy enough, although the software does not automatically prompt you for the password when a protected device is inserted. We would have liked this to be an option. And unlike some, when the private area is unlocked you can't see the public area at all, which can be annoying if you have used the public area to store files. Because of this, the same drive letter which was in use for the public area is reassigned for the private area, which means an open Windows Explorer window can be confusing until it is refreshed.
Unprotecting a device is handled well. The software creates directories on the device with the original public and private area's files. And as a nice, but possibly unnecessary, touch provides the option to securely erase the temp files on the local hard disk, too. Why not just do that by default? We don't know, but it was nice to have the option.
Secure erase is the product's last main feature. Files or entire devices can be erased by multiple write passes, which worked exactly the way we expected it to.
The context help is sparse, but the product is so simple you would not want more. We did note a reference to an admin function which can be used to retrieve lost passwords, but we could find no sign of this anywhere in the product itself. It turns out this is a feature the company has not provided – key revocation and recovery is much more difficult a task that you would expect from a basic tool like this, so this was not too surprising, though it obviously should have been taken out of the documentation. More worrying was the website, which sported a collection of broken links when we browsed it, presumably just the legacy of an incomplete reorganization, but never reassuring.
We like StorageSafe because it really is very easy to use, with a consistent and responsive GUI and a good price. But it is providing a limited set of features which you can get from a lot of alternatives, so the company might have to find something extra to offer on top to make it a convincing sell, even at this low price.