Why FIPS validated products are so important


DataLocker has been providing cutting-edge, advance encryption solutions since 2011.  Our government and military clients are especially keen on protecting sensitive data and regularly look to us for solutions so they can securely transport, store and share data. Lost or stolen devices should not be equated with compromised data!

One of the typical requirements for encryption solutions is that they be FIPS validated.  FIPS stands for Federal Information Processing Standards.  These standards were developed by the National Institute of Standards for Technology (NIST) through the U.S. Department of Commerce as benchmarks for security in government pursuant to the Federal Information Security Management Act.

Several of our products are FIPS 140-2 validated.  This refers specifically to cryptographic modules, such as our hardware-encrypted external hard drives and USB flash drives. There are four levels of security within FIPS 140-2.  (Read more about FIPS 140-2 security levels here.)  At the highest level, level 4, the physical security mechanisms provide a complete envelope of protection around the cryptographic module with the intent of detecting and responding to all unauthorized attempts at physical access.

So what makes DataLocker FIPS validated products unique?  Our DataLocker DL3 FE is the only drive on the market that utilizes two pass cascading encryption using two different independently generated random keys for unsurpassed security. And the DataLocker H350 has earned end-to-end FIPS 140-2 Level 3 validation (certification #2359) for the entire H350 External Hard Drive – not just its encryption components- making it immune from attacks such as “BadUSB” or “Equation Group,” which also target other components of the device.  In addition, the following DataLocker products are FIPS validated:

More information on DataLocker’s certifications can be found here.  If you are interested in receiving an evaluation of your mobile security, or to try one of our products, please click here and an account executive will be in touch.  You may also email us at sales@datalocker.com.

How Organizations Benefit from Centrally Managed Secure USB Drives

According to research, 76% workers plug unknown USB drives into their company PCs, compromising their network security and introducing malware into the system. Besides, almost 20% of 1,000 UK office workers interviewed also revealed that they have lost unsecure USB drives containing sensitive business information. These statistics point towards the susceptibility of our sensitive data in USB drives to leakage and theft.
Hence, it only makes sense to secure data in the USB drives through secure, centrally managed systems. While secure USB automatically and instantly protects all stored data on the USB drive, SafeConsole central USB management enables complete control over the organization’s SafeConsoleReady Devices.

Organizational Benefits of Centrally Managed Secure USB Drives

Here is how organizations can use secure centrally managed USB drives to protect sensitive information:

  • Centrally managed USB drives ensure the security and availability of stored data for users, be it organizations or administrators.
  • They help USB drives evolve into a complete portable computing platform.
  • Enable users to share specific information, rather than all data present on the USB, with intended users.
  • They protect users from unintended USB malware during file sharing.
  • It is the best means of secure file sharing over the internet, especially where putting in place secure emailing may be difficult.
  • Enable organizations to comply with the safety and accountability standards, even for devices present outside the network perimeter or are offline. This is achieved by activating the device’s complete audit capacities for file changes and device actions.
  • Enable organizations to issue portable virtual workspaces for employees on their USB devices, in essence managed thumbtops – this offers a cost-effective and offers secure work environment for users within the protected workspace.
  • Central USB management also helps organizations improve their control over their private data and limits device wastage with detailed inventory of all managed devices.

DataLocker® to exhibit at GITEX Technology Week, October 16-20, Dubai World Trade Center


gitexDataLocker (datalocker.com) is pleased to be exhibiting at the upcoming 36th GITEX Technology Week at the Dubai World Trade Centre, October 16-20, 2016 at Concourse 1 CC1-3 in participation with Kingston Technology.

GITEX Technology Week provides an excellent opportunity for us to introduce attendees to IronKey EMS support for the newly released IronKey D300 Managed encrypted USB Flash Drives by Kingston (kingston.com).  DataLocker and Kingston have been close partners working together on both SafeConsole and IronKey EMS managed encryption solutions.

The D300 represent the next generation of IronKey flash drives and will provide both managed and non-managed encrypted drive solutions for customers that are the most up-to-date and cost-effective in the marketplace.  “We leveraged Kingston’s history of delivering high-quality Flash memory products along with IronKey’s trusted reputation in the encrypted storage industry.  Together with DataLocker, we’ve created a strong and reliable managed USB Flash drive solution that will serve business customers for years to come,” said Ken Campbell, Flash business manager, Kingston.

“Our ongoing partnership with Kingston allows us to be leaders in the Secure USB Management arena,” said Jay Kim, CEO, DataLocker.  ” The IronKey D300 and D300 Managed Encrypted USB Flash Drives are two more tools that allow us to safeguard our customers’ sensitive data with the most advanced level of security.”

IronKey D300 Managed drives require an IronKey EMS by DataLocker license that makes it easy to establish a secure storage command center for administering and policing your hardware investment.  It is easy to securely manage all of your organization’s IronKey D300 Managed devices with a cloud based or on-premises solution.  One can enforce password policies, remotely disable lost or stolen drives, reset passwords and more, all from an easy to use, intuitive dashboard.

GITEX (“Gulf Information Technology Exhibition”), the 3rd largest technology event on the planet, is an annual consumer computer and electronics trade show, exhibition, and conference that takes place in Dubai, United Arab Emirates at the Dubai World Trade Centre.


SafeCrypt (formerly SkyCrypt): Cloud encryption for any cloud service provider

DataLocker has a solution called SafeCrypt (formerly SkyCrypt) that allows users to encrypt their data seamlessly at their desktop, and as a result, only encrypted data is synced to the cloud.

Servers get hacked, secrets get leaked and people get careless.  The line that separates YOUR data from the rest of the world is pretty thin in the cloud. Enter SafeCrypt. SafeCrypt — the only FIPS 140-2 validated, military grade 256-bit AES encryption program, which can secure your cloud storage provider or local files. You can safely use SafeCrypt with Dropbox, Google Drive, OneDrive, Box, or any cloud service provider.

With SafeCrypt, files are fully encrypted to the highest standards at your desktop and stored on your cloud storage account. Even if your cloud service provider is hacked at root level or your personal login is compromised, your files are safe, secure and impenetrable.  Think your cloud service provider is immune to security breaches?  Think again!  Just last month, Dropbox reset all passwords that had remained unchanged since 2012 as a “preventative measure” due to a 2012 Dropbox security breach that has affected an estimated 68 million account holders (BBC News, 31 Aug 2016).

Interested? Download a trial version today!

Download Windows Trial

Download MAC OS Trial

Free companion app available for mobile devices:

Get it on Google Play  iOS App

How to maximize mobile security in today’s world

Mobile security threats and vulnerabilities are and should be of chief concern for every organization. Employees move around and need to bring their data with them. If you care about your organization’s privacy, chances are you already stay away form online storage solutions.  Mobile security is not immune to terrorist threats (think communication apps meant to evade eavesdropping) or hacking, for example.  Credit card and data fraud, extortion and unauthorized use are huge problems and we see major companies falling victim to breaches.  When it comes to mobile security, all of DataLocker’s hardware encrypted products, particularly the ones that can be managed with either IronKey EMS or SafeConsole, can give you peace of mind as you protect your data, your mobile workforce and your organization. Unlike most portable storage solutions, DataLocker drives use hardware-based encryption. Therefore if a drive is lost or stolen, potential attackers will not be able to use brute force to break into them. This greatly increases the odds of your organization coming out of the whole experience unscathed.

An important feature that administrators look for is having the ability to simplify security regulation compliance by giving them control over drives deployed across the enterprise. In addition, it is imperative that organizations efficiently and cost-effectively protect data by administering usage and encryption policies, password restrictions, and more from a central console. These tasks are made easy with IronKeyEMS.

Central management gives peace of mind for companies–WHEN their users forget their passwords or lose their devices–Admins will be able to take action to remedy the issue at hand. Tracking and auditing usage is also a huge benefit. Also, it allows them to get out in front of any issue, because when (not if) devices are lost on one of our Secure USB devices it does not become a reportable offense like it does if the devices are not encrypted.

IronKey EMS

Protecting your data, your mobile workforce, and your organization is easy with the IronKey Enterprise Management platform. You can quickly and easily establish a secure storage command center for administering and policing the use of IronKey encrypted Workspace devices for Windows To Go and Enterprise storage drives.  IronKey Enterprise devices can be securely managed with cloud-based or on-premise management.

In today’s world, companies are managing devices and employees all over the globe.  A single console gives your administrators an up-to-the-minute view of all IronKey Workspace and Enterprise devices under their management, no matter their location. You can easily manage user status, device status, device location, and more.  Administrators can remotely disable lost or stolen devices by locking out users and preventing password access, and even destroy a compromised device by erasing every block of data, thus rendering it unusable.


With SafeConsole central management server software, you can instantly gain complete and granular control over all of your encrypted USB flash drives and portable hard drives.  Additionally, you will achieve compliance for USB storage usage, while enjoying full control and audit. The mobility and productivity benefits of USB storage devices remain intact– without the risks of malware, data leaks and breaches. Define and control administrative roles to manage, track, audit and support your end users so that they can securely and efficiently perform their job function. SafeConsole (both Cloud and On-Premises) integrates seamlessly with Active Directory to allow for simple deployment of our secure USB storage devices.

If you are interested in receiving an evaluation of your mobile security, or to try one of our products, please click here and an account executive will be in touch.  You may also email us at sales@datalocker.com.




Did you know: All DataLocker products are TAA Compliant?


All DataLocker products are TAA Compliant meeting the Trade Agreements Act (TAA) for procurement of goods and services for federal contracts that are assembled in the U.S.A. or other approved TAA-designated countries.  What does this mean to you?  It means that the products we sell cannot be made in China, India, or Russia, for example.  The Trade Agreements Act (19 U.S.C. & 2501-2581) of 1979 was enacted to foster fair and open international trade, but more importantly, it implemented the requirement that the U.S. Government may acquire only U.S.-made or -designated end products.

By meeting and adhering to these standards, DataLocker demonstrates confidence in the value, quality and craftmanship of its products.  As a result, DataLocker products are authorized and approved for purchase by government entities.

Through TAA Compliance, we are doing our part to grow the American economy.  To that end, we are preparing to move our production to a new factory owned by Memory Experts, and they manufacture for other companies in addition to producing their own line of products.  All products are manufactured to a 99.899% quality standard and meet both ISO 9001 and ISO 14001 industry-specific guidelines as well as RoHS and FCC – along with being assembled in the United States for TAA compliance.

If you are interested in speaking with someone from our Federal Sales team about how DataLocker encrypted solutions can enhance security and make compliance a breeze, please call Federal Sales at (202) 827-6200.


How to take control and manage your secure USB drives

The USB drive is everywhere- they can be purchased at every check out counter from office supply stores to convenience stores.  They are portable, small and can hold a relatively large amount of data and make data transport a breeze between office or school and home.  But with portability comes inherent security challenges.

USB device theft, accidental loss and the spread of malicious code can lead to data breaches, compromised customer information, loss of intellectual property and a loss of consumer and even stakeholder confidence. Unsecured and unmanaged USB drives have the potential to becomes digital weapons, as they are the perfect vehicle for delivering malicious programs and viruses. Unsecure USB drives can easily have their firmware rewritten, thus enabling them to inject code into every computer they come into contact with.  Often the owner isn’t even aware that their USB device has been compromised, so they continue to share the infected USB drive.

It may surprise you to know that only 50% of companies have a USB device usage policy, and only about one-half of those companies actually enforce their policies (The State of USB Drive Security, Ponemon Institute, sponsored by Kingston, July 2011).  If you don’t have a data security and management plan in place…you’re not alone.  But- there are things you can and should do to take immediate action! Properly managed, secure USB drives can be a useful tool for companies, and whenever that data becomes portable, a comprehensive plan becomes paramount to the success of data security.  There are several things to consider as part of your planning:

  • How do we get devices connected to a server and under the control of management?
  • Who is ultimately responsible for the devices?
  • Is the end solution compliant with legislation and the organization’s policies?
  • Does the security solution “make sense” for the real world?
  • What does the future hold for this technology?  Is it likely to be supported in years to come?
  • Does our strategy secure ALL of our digital assets, including secure USB drives?

Hardware encrypted USB flash drives are an essential component of a comprehensive data loss prevention (DLP) strategy. DataLocker offers both FIPS 140-2 level 3 devices and standard secure USB flash drives.  All secure USB flash drives from DataLocker can be managed by the SafeConsole central management system which offers enforcement of password policies, remote password resets and audit for compliance and much more.  For additional information or to learn more about our products, please contact us.

Developing a strategy to deploy and secure all digital assets along with implementing the right central management system will create a seamless, secure workflow solution.  It is incumbent upon organizations to mitigate the potential for a USB data breach, which could cost millions in the long run.



Implications of GDPR on portable data storage


GDPR refers to the European Union’s General Data Protection Regulation. GDPR means that organizations that handle EU citizens’ data face massive fines (up to 4% of their global annual turnover) if they are non-compliant.

It’s important to note that a company or service provider with no physical EU footprint still has to comply with the EU data protection legislation…if it processes EU citizens’ data.

There are inherent risks associated with portable storage, so it is valuable to note how to implement GDPR from a practical standpoint.  The new standards all but ensure that lost portable storage devices and other such security breaches will be reported to regulators going forward.  This serves to protect consumers and clients, who have a right to know when they have been compromised or hacked. Reporting looks somewhat different for data that is unlikely to result in a risk for the rights and freedoms of an individual (an unencrypted USB flash drive containing patient information, for example).

GDPR tells us that organizations should protect data at a level that is attainable using current technology, and at a reasonable cost (financial and time).

So, as a global expert within encryption and portable data storage, what does DataLocker recommend to achieve compliance?

  • Have a solution that protects all stored data with automatic encryption and strong passwords.
  • Take care that only authorized staff have the rights to transport data.
  • Keep track of which data is transferred onto encrypted portable media.
  • Have a solution that only allows access to data in approved territories, as transborder data (that which is subject to foreign jurisdiction) is subject to additional restrictions.
  • Have the ability to permanently erase and all copies of a data subject’s stored information.
  • Centrally managed hardware encrypted portable storage that provides audit trail capabilities is the recommended solution.

The costs of NOT implementing a solid portable storage solution are too great to ignore.  The risk of noncompliance is not one worth taking!

*image credit: Termsfeed.com, appearing in an article by Leah Hamilton

Welcome to our blog!

data locker fb cover

Welcome to our new DataLocker blog.  We hope you’ll find it to be informative, useful and even a bit fun-  and that you’ll check back often and see what we’re up to.  You’ll find the latest from our teams all over the globe.  We’ll share timely industry updates, product information and the latest on data security solutions. We love to stay involved and engaged with the communities in which we live, work and play; so we’ll let you know what we’re out and about doing. CTO David Kim, CFO/COO Michael Yim or any of our team members might chime in with their thoughts on the latest DataLocker or industry news as well.

If you’re new to our website or new to DataLocker, hello. Here’s what we’re all about: Innovation. Innovation is the cornerstone of our data security solutions. And innovation drives solid results.  Our work encompasses:

Encrypted Storage – this includes encrypted hard drives, encrypted USB flash drives, encrypted media and cloud encryption gateway.

Central Management – IronKey EMS and SafeConsole, both available as a Cloud or On-Prem solution, to quickly and easily establish a secure storage command center for administering and policing all your encrypted endpoints.

Solutions – Customers from many sectors trust us to protect their sensitive data. Our customers include military and government, finance, energy, legal and healthcare sectors.

Get to know us!  We hope you’ll follow our blog and check back often.  Feel free to contact us– we’d love to hear from you.

-Jay Kim, CEO

Jay Kim is the founder and CEO of DataLocker, a leading provider of data security solutions. Since founding the company in 2007, Jay has led DataLocker to be among the most recognized providers of data encryption systems. With customers in over 30 countries, DataLocker devices are trusted to secure sensitive information for customers such as the US Air Force, Federal Reserve Bank, NASA, Lloyds Bank and the US State Department.