DiskAshur PRO2 512 GB Portable Encrypted SSD Review – The Ultimate In Serious Data Security?
iStorage DiskAshur PRO2 512GB2017
A couple of months ago, we reviewed the DiskAshur2 512GB encrypted SSD which is the gateway for a security conscious user. Today, we review its more professional sibling: the iStorage DiskAshur PRO2. The primary difference between the two is the fact that the latter has received numerous certifications and has a slightly more robust encryption design philosophy. If you are someone that has valuable data and are worried about it being compromised, this is what you buy.
iStorage’s DiskAshur PRO2 boasts unbreakable enterprise-level data security certified by NATO, General Intelligence & Security Service and CESG
The iStorage DiskAshur PRO2 512 GB portable SSD that ships with Real-Time Military Grade AES-XTS 256-bit Full-Disk Hardware Encryption that is currently unbreakable (from a direct attack vector). iStorage is a pretty well-known name in the encrypted storage market - they were the first company on earth to get a portable encrypted storage solution on the market with their DiskAshur Pro series (which also has certifications by NATO and other major organizations).
The DiskAshur PRO2 is the successor to the highly successful original and should easily meet the needs of even the most security conscious user. Before we go any further, here is a quick overview of the tech:
|Capacity||500GB, 1TB, 2TB, 3TB, 4TB & 5TB|
|Data Transfer Speed||Up to: Read 148 MBps / Write 140 MBps|
|Power Supply||USB Bus Powered|
|Dimensions (W, D, H)||124 mm x 84 mm x 20 mm (500GB,1/2TB) | 124mm x 84mm x 28mm (3/4/5TB)|
|Weight||500GB/1/2TB max. 225 grams approx. | 3/4/5TB max. 331 grams approx|
|Approvals||FIPS PUB 197 Validated, FCC, CE, RoHS, WEEE, TAA Compliant|
|Accreditations||FIPS 140-2 Level 2/3 (US), NCSC CPA (UK), NLNCSA BSPA (NL) & NATO Restricted level - certified|
|Interface||Super Speed USB 3.1 - up to 5Gbps. Backward compatible with USB 3.0/2.0/1.1|
|Operating System Compatibility||MS Windows, macOS, Linux, Android, Chrome, Thin Clients, Zero Clients and embedded systems|
|Hardware Data Encryption||Real-Time Military Grade AES-XTS 256-bit Full-Disk Hardware Encryption|
|iStorage Part Number||IS-DAP2-256-XXXX-C-G (XXXX = Capacity)|
|Box Contents||Portable Hard Drive, Protective Carry Case and Quick Start Guide|
- Common Criteria EAL4+ ready on-board secure microprocessor
- FIPS 140-2 Level 2/3 (US), NCSC CPA (UK), NLNCSA BSPA (NL) & NATO Restricted level Certified.
- Real-time military grade AES-XTS 256-bit Full-Disk Hardware Encryption
- FIPS PUB 197 Validated Encryption Algorithm
- Encryption keys are always encrypted while at rest
- Brute Force Hack Defence Mechanism
- Tamper Proof and Tamper Evident Design
- Immune to BadUSB
- Water & Dust Resistant - IP 56 certified
- Epoxy coated wear resistant keypad
- No speed degradation - as fast as any non-encrypted USB 3.1 HDD
- Desk Lock Slot
- No software or drivers required - 100% Hardware Encryption
- Read-Only (Write Protect) & Read/Write modes
- PIN authenticated - Supports Admin and User Independent PINs 7-15 digits in length
- Self Destruct Feature
- Drive Reset Feature for easy redeployment
- Super Speed USB 3.1 with integrated cable
- Unattended Auto-Lock feature
- No admin rights needed
- OS & Platform Independent - Works on any device with a USB port
- All components covered with a layer of super tough epoxy resin
Packaging and first look
The iStorage DiskAshur PRO2 SSD comes in a small box that has a cute security label which states that you should not accept the SSD if it's broken (naturally the seal is not actually an indicator of a breach). A very good quality USB extension cable is also included in the box (which is a very thoughtful touch!) which increases the value of the package. The ask for this 512GB SSD is a step $271 right now but considering the certifications and features involved - it will be a bargain for the right target market. The SSD itself features an epoxy coated keypad, with a USB 3.1 cable tucked away in the side.
Unlike the DiskAshur 2 standard variant, the PRO2 variant has a metallic finish instead of a plastic one and feels lighter and just more serious. The cage feels very well built in hand and has oleo-phobic coating on the keypads so the keys don't give away the possible key combinations by degrading over time as the same pin is keyed in repeatedly. I was slightly concerned about the integrated cable as that is the biggest possible point of failure but the quality of the material is very sturdy and my fears appear to be unfounded. All the certifications and specifications are shown on the box.
Encryption and ruggedness overview
The DiskAshur PRO2 utilizes a dedicated on-board secure microprocessor to handle all encryption needs on a hardware-level. This is a very important distinction because this means all encryption processes will happen on-disk, away from the host's PC where they might be modified. The specific encryption standard that is being used is the AES-XTS 256-bit which as far as I know is known to be unbreakable.
This is a FIPS PUB 197 validated encryption algorithm that is handled in its entirety by a Common Criteria EAL4+ on-board microprocessor. This device has the following security certifications: FIPS 140-2 Level 2/3 (US), NCSC CPA (UK), NLNCSA BSPA (NL) & NATO Restricted-level.
Compared to the non-PRO version, the PRO version has slightly lower performance. I am assuming this is due to the more robust implementation of encryption. Considering the target market of the PRO variant, this is definitely not a con as any performance sacrificed for more security is much appreciated.
An interesting part of the security design is that the device will accept a maximum of 15 pin attempts. After that, it will delete all encryption keys and the data will be lost forever (the device assumes a forceful attempt is underway). This is a big pro as well as the device prevents your data from falling to a brute force attempt.
The packaging is IP56 certified which means its fairly dust and water-resistance so don't worry about the odd splashes and rain. The case itself is metallic so it should be able to handle a fall (SSDs are more resilient to falls than HDDs anyways). The case is also designed to be tamper-proof and any attempt to open the device or mess with the encryption hardware will result in the device assuming someone is attempting to tamper with it and all data lost.
Benchmarks and conclusion
The device that iStorage has applied the encryption layer is actually the ADATA SU800 512GB - which is what benchmark software will sometimes detect the drive as when you plug it in. This means that you are looking at a 3D NAND based SSD with a very high shock tolerance. The DiskAshur PRO2 features 271 MB/s read and 290 MB/s write speeds and includes intelligent SLC caching and DRAM memory cache buffer (the standard bells and whistles of modern SSD firmware).
This particular SSD also contains an error LPDC - low-density parity check - which compared to non-error correcting memory is going to offer superior reliability of the data as well as the encryption keys.
Our testing methodology includes filling up the drive to roughly 1/4th of its value and then running tests as this gives a more accurate picture than simply testing a newly formatted drive out of the box. The performance of the DiskAshur PRO2 was very impressive and I was continuously getting 270 MB/s+ read and writes when transferring data from my M2 Samsung 960 SSD over the USB 3.1 front port. These readings are much higher than the manufacturer claimed values of 143/140 read-write (I love when manufacturers write pessimistic estimates instead of optimistic ones). Here are the CrystalDiskMark results on the front USB 3.1 port:The DiskAshur PRO2 features pretty decent read-write speeds that are ample enough to fill its internals at a comfortable enough pace. The sequential read and write speeds (which is what you will get when you are transferring data btw) are pretty comparable to standard SSDs (which get around 500 read-write) while the random read writes are more USB-like. This is because the data is being transferred over the USB 3.1 port and nothing to do with the SSD. This also means that it's probably not a good idea to run an entire OS on it - but is good for just about everything else.
We also put the SSD through its paces through HDTune and saw similar results. it has an excellent access time of 0.137 ms (in comparison an HD has an access time of roughly 15 ms). Transfer rates are also sustained throughout transfers which means you won't get a faster speed at the start which degrades over time - this performance will sustain itself throughout the SSD's life.
The iStorage DiskAshur PRO2 is expensive and is clearly not an SSD you buy if you are out on a budget but is for the professional that does not want to sacrifice the slightest bit of security. Every aspect of the design - from encryption fallbacks to physical ruggedness are a showcase of how much thought went into its development. Coming from the company that brought us the world's first portable encrypted storage (DiskAshur Pro) this is hardly surprising and makes this the perfect drive to buy for the security professional.
The various certifications of the DiskAshur PRO2 would also allow it to be depoloyed in military and enterprise circles on a more serious level than just the retail individual. The certifications also open up a market for this SSD that other encrypted media would not be able to tap into (without the same level of certifications). All in all, the PRO2 is a very impressive line of SSDs and I am more thann happy to recommend it for the serious security-concious proffesional. If you are an average consumer and want an alternative that's easier on the wallet, you can try out the DiskAshur 2 series.
The DiskAshur PRO2 provides certified, military-grade encryption in a non-performance-degrading package that should be perfect for the serious, security conscious user.
- Encryption certifications for enterprise use
- Dedicated on-board encryption hardware
- Self-destructs data and encryption keys if a brute-force attempt is detected
- Encryption keys are also encrypted at rest
- No performance degradation
- USB 3.1 integrated cable
- Very rugged
- Pricey compared to non-encrypted SSDs