The World According to Mitch

I have been telling my students for years that they do not need to be cybersecurity specialists, but they do need to plan security into every phase of their operations. That holds equally true if you are an application developer, infrastructure specialist, or desktop administrator. By not planning security into every aspect of what we do, we are inviting cyber threat actors to run roughshod through our systems.

In late 2019 I received my first completely secure external drive from Apricorn, and I wrote about it on this blog at the time (see article). I loved it then, and I still use it for secure storage of sensitive files. I have gladly shown it to customers and students and have recommended it widely.

A few months ago, I realized I needed a larger hardware-encrypted drive for a project. Because I would not be able to either pass on or recover the costs, I decided to buy a different product from another vendor (who I will not name). When I received it, I realized that there was a reason they were cheaper… the drive felt cheaper. It felt like a plastic toy. I suppose you really do get what you pay for, right?

Recently I received another email from the folks at Apricorn asking if I would like to try a new product of theirs – the Aegis NVX. I looked at it on their site and it looked interesting – a smaller form factor than the Fortress L3 that I still use but made with the same aircraft-grade aluminum. I quickly agreed to give the new unit a test drive.

The Apricorn NVX has a built-in USB-C cable that is rated to 10Gbps. It is also smaller (4.6” x 2.4” x .5”) than its older brother, owing to the switch from the legacy 2.5” drives to the modern NVMe storage, which of course means that there is no HDD option in the NVX. At present it is only available in the 500GB, 1TB, or 2TB models, but let’s be honest… that is larger than most of us will ever need. While I would have been happier with the 2TB model (or even the 1TB model which would have solved my previous project issues), I am more than satisfied with the 500GB that they sent for me to test drive.

An old IT Pro’s lament:

I remember as a teenager back in the 1980s I was thrilled with my 20MB hard drive, which cost about $600 at the time. When, a couple of years later, I upgraded to a 40MB drive (please note that this is MB as in megabytes, and not a typo) I could not imagine ever needing anything larger. After all, what individual would ever have that much data? Most millennials cannot fathom the idea of a drive so small being of any use. Maybe I’ve been in the business too long. Now get off my lawn!

When the package arrived, I was excited to open it up and try it. Sure enough, while it is only a little bit smaller than my Fortress L3, it feels much smaller. The box contained the drive, a semi-hard case, and two extension cables (one to USB-C, the other to USB-A).

The box clearly shows that the product was designed and assembled in the United States. While that might not mean much to some, anyone who is aware of the security issues involved in vendor sourcing will understand that there are some countries known for their less-expensive manufacturing processes that might not be trustworthy when it comes to security appliances. Frankly, there are a lot of people who know nothing of the subject but still know (or suspect) that some of those countries are doing everything they can to spy on western countries and corporations. All this to say that I would much sooner trust a security product made in the USA or in Israel than… well, over just about every other country right now.

Performance

It was obvious to me that a drive that is four years newer will be faster, but as I always tell my students: fast and slow are opinions, not measurements. I used the following command to test the two drives: winsat disk –drive X.

(In order to ensure scientific method, I disconnected the docking stations and plugged each drive directly into my Surface Laptop 4 USB-C port.)

The speed improvement ranges from decent to massive. I still consider the Fortress to be a fast drive, but the NVX is more than twice as fast on writing, and more than three times the speed on reading. There is no question that the newer model is outperforming the older (and still very respectable) model. I am quite happy with that!

Security

The outer case of the NVX is a milled aircraft-grade aluminum case featuring a keypad and three status lights. According to the user guide it is rated IP67 against dust, grit, and water penetration. I did some research to see if I could get a better understanding of what that means. It turns out that IP stands for Ingress Protection. The first digit denotes it is dust-tight (6 being the best rating), and the second digit denotes that it is water-tight against immersion in 1m (39”) of water for at least 30 minutes. While I will not be taking my hard drive swimming anytime soon, it is nice to know that my data would be safe in the event of a flood.

NOTE: There is a discrepancy on the Apricorn website which states the NVX is IP68, denoting more stringent limits (possibly at least 3m).

The drive is hardware encrypted using AES-XTS 256 encryption, which is presently the standard for the US government and military. It requires a PIN code between 7-16 digits, and blocks easily guessed pins (consecutive numbers or repeated numbers). If you feel the seven digits is not good enough, then the admin can enforce longer code requirements (up to 16 digits).

The NVX can be used by an individual, but if it is shared between users then it supports one admin PIN and four additional user PINs. The admin account has the ability to set individual users are either Read Only or Read/Write, so as to protect the integrity of the data.

In addition to the encryption, the NVX also includes great security features such as Unattended Auto-Lock (which can be set to 5, 10, or 20 minutes), Brute Force Protection, and a Self-Destruct PIN.

While the drive is pre-formatted with the NTFS file system, it can easily be reformatted for use with Apple, Linux, Symbian, Chrome, and Android.

As of now, the NVX is not FIPS (Federal Information Processing Standards) certified, as is the Fortress L3. The reason behind this is because by the time the NVX was released, the organization (NIST) had closed applications for FIPS 140-2. I am assured by the Product Development team at Apricorn that they are working to apply the NVX for FIPS 140-3 (the new version) by the end of the year.

Overall Impression

I am thoroughly pleased with this device and plan to recommend it to my readers, as well as to friends, customers, and students. Really, anyone who needs the peace of mind of a hardware-encrypted external drive. It is solid and gives me the impression that if I were to throw it across a gymnasium it would be unharmed (another test I have no intention of performing). The only drawback that I can see is the built-in USB-C cable, which if damaged or frayed would render the drive useless. I will make a point of not damaging the cable. Fortunately, when not in use the cable folds into the drive case very nicely so I doubt that would be an issue.

The Aegis NVX is 35 grams (1.25oz) lighter than the Fortress L3 (without its required cable) but feels just as solid. I will not be putting it through any physical stress tests, but I am confident in the encryption that will keep my data safe. Knowing that the Fortress has served me well these last four years, I am confident that I will never need to take advantage of the 3-year warranty offered by the manufacturer.

Solid, Secure, Reliable, and Fast… the four traits that I was looking for in my next hardware-encrypted drive. If you are looking for the same, then the Apricorn NVX is a smart choice.