USB media represents a double-edged sword: on the one hand, data portability is an extremely useful thing; but on the other hand, data portability can be a gigantic liability for your business operations. You can try to train your users not to put sensitive data on USB drives, but chances are that convenience will win out over security, and your data will slip out on USB media anyway. And then it’s all too easy for USB media to simply disappear: I can’t count how many thumb drives I’ve lost. New products are coming soon to help solve this problem.
Lexar is releasing their Jumpdrive S3000 FIPS, “the world’s first smartcard-based Level-3 FIPS certified USB flash drive”. This means that the data you put onto the drive is encrypted in such a way as to pass the U.S. Government’s security standards. I’ve had a review model for a couple weeks now that I’ve been playing with, so expect a full review soon. Basically, a little shim application is run from the Jumpdrive itself which locks (encrypts) and unlocks (decrypts) the data for use. You assign a password upon initialization, and are thereafter prompted to enter that password in order to unlock the drive. After too many consecutive authentication failures, the data is automatically deleted from the drive. I don’t have the ability to perform a real cryptographic attack against this thing; but my experiences so far indicate that your data will be secure (and waterproof!).
Fujitsu has similar secure USB drives on display at CEATEC. The stand’s label is “Technology for Safely Transporting Sensitive Data Featuring Secure USB Memory”. There’s no indication that this is FIPS certified, and no specific encryption algorithm is mentioned; but the Fujitsu model does list a couple of other features that will be particularly useful in enterprise scenarios. You can limit transfer of data to or from the device to only authorized computers (presumably via some sort of software authentication mechanism). Data can be set to “expire” (read: be automatically deleted) after a certain time. And the unit maintains a comprehensive log of operations for auditing purposes.
Note that the Fujitsu website makes it pretty clear this is still in prototype stages, while Lexar’s Jumpdrive S3000 FIPS is a real product you’ll be able to buy.