flash drives

What are they?

Flash drives are small portable storage devices for computer data, that typically attach to a computer via a universal serial bus (USB) connection.  The name derives from the use of "flash memory" -- solid state memory chips -- rather than the spinning magnetic disk of a hard drive.  Flash drives are also known as "jump drives," 'key drives," "pen drives," or simply "USB drives."

Flash memory is "non-volatile" -- meaning it stores data in a way that doesn't require a constant power supply for retention.  When active, flash drives simply use the power supply from the computer's USB connection; they require no internal battery or other external power source.

Flash drives are generally "hot-swappable" -- meaning they can be plugged into and removed from a computer at any time, except when a data transfer operation is in progress.  They are generally compatible with Windows, Mac and Unix-like operating systems. 

The solid state memory is very shock resistant, (especially relative to the spinning magnetic disk of a hard drive).  The devices can be written to and erased an effectively infinite number of times. 

All these characteristics make flash drives an excellent choice for a portable storage device -- one that has essentially replaced the floppy disk for smaller data volumes.   Storage capacities for flash drives currently range from 128 megabytes (equal to roughly 90 1.4-megabyte floppy disks) up to 2 gigabytes (1400 floppies). 

A typical flash drive encloses its circuit boards and memory chips inside a strong plastic case, about the size of a plastic cigarette lighter.  Only the USB connector protrudes, and it usually has a removable plastic cover as well.  The drive is sturdy enough to be carried around in a pocket, rattling around inside a briefcase or purse, or on a lanyard suspended from your neck.

Shock resistant does not mean shock invulnerable, however.  Severe physical trauma can damage a flash drive such that its data contents are made permanently inaccessible.  It is also theoretically possible -- though evidently rare -- for the flash memory to be disturbed by strong electromagnetic fields.  (Tests suggest that airport security X-rays are not a threat to flash drives or digital camera memories, which also rely on flash memory.) 

The more important vulnerability stems from the devices' portability.  Small and easy to carry around, they are also particularly susceptible to loss or theft. 

If you want to be sure your data is always available to you, keep at least one other copy in a secure location. 

Loss or theft of a flash drive containing sensitive data also presents security issues.  In general, you should not carry around large amounts of sensitive data on any portable storage device, for the same reason you shouldn't carry around a large amount of money.  It's too risky.

Many flash drives offer the ability to protect data using encryption.  Such devices divide up their storage capacity into "public" and "private" areas, with the latter only accessible via a password.  If you must carry around sensitive information on a flash drive, use a model that offers this capability and set a strong password.

Passwords on these devices can be vulnerable to a determined attacker using password-cracking software, so some USB keys rely on "biometric authentication" via fingerprint instead of or in addition to passwords.  But even these may be defeated by a determined attacker (e.g., by fake fingerprints on a plastic mold). 

So the bottom line is this: avoid carrying around sensitive data on a portable storage device like a flash drive.  When you must break this rule, protect that device as carefully and completely as you would a very expensive possession.

Flash drives used to be expensive, but the smaller-capacity drives are quite economical now.  If you're still using floppy disks for data transfers, it's definitely past time to make a switch.

File transfers via email attachment are a commonly-used alternative to lugging a physical device from place to place.  Many organizations also offer Web-based file transfer utilities. But note that neither email attachments nor the web-based utility are generally considered secure enough for sensitive data transfers, unless some sort of encryption capability is included.

For larger storage needs, hard drives are more cost effective -- if a larger device size and the requirement for an external power supply are not deal breakers.  Hard drives can provide hundreds of gigabytes of storage quite cheaply.  Like all hard drives, they are subject to unexpected and sometimes catastrophic failures which can cause a loss of all data.  You should not rely on any hard drive, including the one inside your computer, to store your only copy of important data. 

High volume storage where re-writing is not needed, such as for archival backup copies, can more cheaply use write-once optical media like CD-Rs, DVD-Rs and DVD+Rs.  The long-term productive life of optical media like CDs and DVDs is claimed to be many decades (though this has not been clearly established).  Even so, you should not rely on optical media -- or any other kind of media for that matter -- for your only backup copy of important data.

Needless to say -- at least we hope it is needless to say -- whatever data storage medium you use, be sure to keep it in a physically secure place, as safe as possible from human and environmental threats.

Flash drives (Wikipedia)
An overall description of how they work, with links to every conceivable technical detail

Protecting Portable Devices: Physical Security (US-CERT)
Basic steps for keeping your portables physically safe

Protecting Portable Devices: Data Security (US-CERT)
Basic steps for protecting the data on portables

Last modified: 23-Apr-2006 [RC]