iStorage diskAshur 2 Rugged Secure HDD Review

The iStorage diskAshur 2 is a rugged external HDD built to offer full protection for the stored data by relying on the real-time military grade AES 256-bit hardware encryption (XTS mode) and ensuring that without the PIN, any type of attack is rendered useless.

These type of devices have been around for quite a bit, being very common in the corporate world where data safety is the number one priority, so the targeted audience for iStorage is mainly the companies, while the consumer market may be a bit more reserved on adopting this type of security solution (well, mostly because of the cost).

Note: The diskAshur 2 is available in various capacities (from 500GB to 5TB HDD and from 128GB to 4TB SSD – the device that I’m testing right now is a 2TB HDD), but the company has also made available a PRO series with the same capacities as the diskAshur 2, which offers some additional certifications: NCSC CPA, FIPS 140-2 Level 2 / Level 3 (the non-PRO series comes only with the FIPS PUB 197 certification), NLNCSA BSPA and NATO Restricted, therefore making it more suitable for regulated industry sectors.

How does the software encryption fare against the hardware-based type?
When I tested the datAshur Pro USB drive, I talked a bit about the advantages and disadvantages of using either type of encryption and the same principles can be applied in the case of the iStorage diskAshur 2. The Microsoft Windows 10 OS comes with BitLocker as a free option and it is a reliable way to password-secure your HDD drives, being able to offer some amount of protection for your data. But the encryption is still as secure as your computer (or mobile device where the encryption/decryption process will happen), so, considering that barely any computer is left unconnected to the Internet, you are left a lot more vulnerable than you would by using a hardware-type encryption.

Furthermore, since the encryption / decryption process relies on your computer, it can eat up a lot of resources and there is a possibility that it may slow down until the process is done. The advantage of the software-type encryption is that the data can be more easily recovered in case you forget the password, something that can be impossible with a hardware-type encryption device. The iStorage diskAshur 2 relies on a dedicated secure microprocessor which is Common Criteria EAL4+ ready (evaluated at a similar security level to the commercial operating systems, which includes Microsoft Windows OS) and it has the role to automatically encrypt and decrypt the data without affecting the performance of the HDD.

Another advantage that the hardware-based encryption has over the software-based one is that, with the former, in case you enter the wrong PIN several times, the data remains inaccessible forever, while, the latter can be vulnerable to brute-force attacks. Some may wonder, why not just open the case and simply bypass the microprocessor protection? Well, the diskAshur 2 is tamper-proof, so it will destroy the processor in case one wants to pry open the device. As I said before, the only disadvantage remains the loss of data in case the user forgets the PIN, so you need to make sure to regularly back-up your data, but, as an additional safeguard, iStorage has added a page with two software options, one is Nero BackItUp (has free lifetime licence) and the other is DriveSecurity (1 year free license) – to activate these extras, you need to email iStorage.

Design

For an external rugged hard drive, the iStorage diskAshur 2 (2TB) is actually decently compact, measuring 4.88 x 3.30 x 0.74 inches (the 3, 4 and 5TB variants are slightly bigger) and, as a comparison, a WD Caviar Black HDD that I use measures 5.79 x 4.00 x 1.03 inches and, while I know most of you have already passed to SSDs which are definitely smaller, it’s nice to see that the device won’t occupy too much space (the manufacturer has also included a nicely made protective case for an easy transportation).

The device is available in several colours (black, blue, red and green) and the case itself is made of plastic which is covered by a soft-to-touch coating (the datAshur Pro USB opted for a metal case). Surrounding the main device, there’s a hard plastic frame and on the bottom of the device there are four feet for preventing the HDD from falling off the desk.
Not that much would happen since the diskAshur 2 was built to be shock-resistant and this is an important factor considering that HDDs are generally more fragile than SSDs (as an example, I dropped my Samsung T5 256GB too many times and it still is perfectly fine).

Additionally, the HDD is also IP56 rated, so it is dust-protected and will survive powerful water jets without experiencing any damage. On top of the device, you’ll be able to find a keypad that is epoxy-coated to be wear-resistant (and to make sure that people can’t guess the combination by looking at the worn out keys) and, next to the keypad there are three LED indicators.
First, there’s the Standby State/Locked LED indicator which, when it’s red, as its name suggests, it means that the device is either locked or in stand-by state; the second is the User Mode / Unlocked indicator which, when green, it means that the drive is unlocked and the LED will blink when the data is being moved to and from the HDD; the third is the Admin Mode LED indicator which, when solid blue, it will show that the user has access to the Admin Mode where he can set an Admin PIN (a necessity in case someone forgets the User PIN).

The iStorage diskAshur 2 lacks any external port and the only way to access it is by using the USB 3.1 cable that is attached to the case, but, because it’s a bit small (it measures only around 4.5 inches), the manufacturer has added a long USB extension cord inside my package. One other thing that I noticed is that while I was testing the device, it did get slightly warm (which is normal) and, while it was completely silent, I could feel only some faint vibration even when under a heavier load (which is actually quite good – my other WD disk is a lot noisier).

Note: Inside the case, the the manufacturer has covered all of the components of the iStorage diskAshur 2 with a layer of super tough epoxy resin which makes it close to impossible not to damage the drive in case you want to take it apart.

How to Use it
As with the other iStorage devices, the default PIN number is 11223344 and, in order to first unlock the drive, you need to insert the PIN and then simply press the unlock button (the Unlock and Admin LEDs will flash intermittently and when the Unlock button will become solid green, you can access the HDD’s content). Of course, this PIN has to be changed immediately and, to do so, you need to create a new Admin PIN: while the HDD is locked (the red LED is solid), you need to press the Unlock and the key 1 at the same time (until the Green and Blue LEDs start flashing), enter the default Admin PIN (11223344) and press Unlock – you will know that you entered the Admin Mode when only the blue LED is enabled and becomes solid.

In Admin Mode, press and hold the Unlock button along with the key 2 until the blue LED remains solid and the green LED starts blinking – while in this state, enter your new Admin PIN once and press the Unlock button (the blue LED should turn off for a second and on again) and immediately afterwards, re-enter the new Admin PIN and press Unlock (the green LED will turn off and the blue LED will rapidly flash for a few seconds before returning to a solid state); to exit the Admin Mode simply press the Lock button.

The Admin PIN is important because it can be used to recover the data in case the User PIN is forgotten, so it should not be shared with anyone (for example, it is ideal to give User PINs to your employees, while keeping the Admin PIN for yourself). To add a User PIN, you need to once again access the Admin Mode (while the HDD is locked, insert Unlock + Key 1, followed by the Admin PIN and Unlock) and, once the blue LED becomes solid, press and hold the Unlock button + key 3 until the blue LED remains solid and the green LED starts blinking; at this point, insert the new User PIN followed by the Unlock button and, once the green LED re-initiates the blinking, re-enter the User PIN and once again press Unlock (at this point, only the blue LED will be enabled and it will flash rapidly until it will become solid) – to exit the Admin Mode, press Lock.

Note: It’s important to know that, in order to enter the User PIN, you need to first press Unlock, then the PIN and again Unlock.
These are the basic functions, but the iStorage diskAshur 2 allows for a wide range of configuration options: the Admin can set a User PIN Policy (such as the requirement of using a Special Character), can change or delete the User PIN, can set the HDD as Read-Only for the User and it can create a Self-Destruct PIN (which when entered, it automatically deletes all the data, as well as the Admin / User PINs); furthermore, the Admin can set an Unattended Auto-Lock Clock so, in case the disk is left unattended for a certain period of time, it will automatically lock itself and the Admin can also configure the Brute Force Protection (select the maximum number of times the PIN can be entered incorrectly before the data will be lost forever).

Protection and Performance
As we’ve already seen, the iStorage diskAshur 2 is tamper-proof, so there’s no way to access it by opening up the case, but it also comes with protection against the Brute Force Attack (in case the User and the Admin PINs are incorrect, after a certain amount of tries, the HDD will have its data erased automatically – that’s why it is very important to let your employees know that in case they got the PIN wrong, to not continuously try to enter it, but to immediately go to the IT department). Furthermore, the HDD is invulnerable to keyloggers and to the BadUSB exploit, but I also noticed that when the laptop / desktop PC enters sleep mode, the diskAshur 2 locks itself (something that doesn’t happen with some other secure HDDs on the market which remain unlocked as long as power is provided to them, therefore making them vulnerable).

To test the performance of the hard drive, I used several benchmarks available online. First, I used the CrystalDiskMark benchmark and the sequential read was 132 MBps and the sequential write was 133.1 MBps (as opposed to the 126.7 MBps and 117.7 MBps read/write speeds that I got with a WD Caviar Black HDD). Next, I used the ATTO benchmark which puts the WD HDD a bit ahead of the diskAshur 2: the latter delivered an average of 127 MBps write speed and an average of 124 MBps read speed from 32KB to 64MB (I/O Size), while the former delivered an average of 147 MBps write speed and an average of 168 MBps read speed from 32KB to 64MB (I/O Size).
These results show that the iStorage diskAshur 2 is a decent performer and, while not as fast as an SSD (for obvious reasons), it’s still quite fast for an external HDD.

Check out the product here: