PRODUCT REVIEW

SanDisk Cruzer Enterprise Solution (2GB Secure Flash Memory Drive with Central Management Console)

Basic Device: 2GB Flash Memory Drive with automatic hardware-based AES encryption and mandatory password-based access control

Options: Central Management Console (CMC) for enterprise policy control and reporting

Security Specifications: Designed for FIPS 140-2 Level 2 certification. SanDisk is in the process of obtaining Common Criteria EAL 2 certification

Price: $80 to $120 US

Vendor Website: http://www.sandisk.com/OEM/ProductCatalog(1340)-Cruzer_Enterprise.aspx

Disclaimer -

While I do not have the time or resources to do full technical comparisons and evaluations of security solutions, I am able to give my opinion on products I have had the chance to use. SanDisk provided me with their device to evaluate, but did not ask for any special restrictions on how I chose to write this review. Also, if you are considering a secure USB Flash Drive solution, you should do a thorough evaluation against your own criteria.

Review Comments -

In my view, the SanDisk Cruzer Enterprise solution offers surprisingly good value for enterprises and individuals looking to secure their mobile data. The reason I say surprisingly good is because many of us have come to think of SanDisk as a consumer products company - SD memory, MP3 players, etc. So, it is a bit surprising to see a truly enterprise-oriented solution, as opposed to just licensing an encryption product, loading it into the device, slapping the word enterprise on the package and shipping it.

The basic Sandisk Cruzer Enterprise USB Flash Drive, on its own, is very easy to configure and use - on BOTH Windows and Mac machines, interchangeably. You simply follow the initial instructions to set the password, and - if you wish - you can enter a password hint and some contact information, in case you lose the device. The device is then ready to use, just like a normal USB drive. The only difference you will see, otherwise, is a second drive when used on a Windows machine, where the control software resides.

The only improvement I would want to make on the device itself is to provide some area for external labeling on the case. The texture of the black casing is an easy-to-grip plastic that almost feels like hard rubber. But it's almost impossible to write on any part of it with a ballpoint pen, and a black marker will obviously not leave a detectable mark. Of course, you can put contact information into the device, which is stored in an unencrypted field that anyone can read if they plug it in. However, part of my personal crusade is to discourage people from plugging unknown devices into their computers, so they don't become infected with viruses or other malware (see my Honey Stick Project Research - HERE). An external label area that allows for labeling in ink would still be useful, despite the internal contact information feature.

For larger organizations, the Sandisk Cruzer Enterprise offers a very complete mechanism for managing mobile data that complements the features of the stand-alone USB Flash Drive. The server component is called the Central Management Console (CMC).

Once configured for enterprise use, the Flash Drive will always try to check via a secure connection with its management server to obtain up to date policy and instructions, including a remote "erase" command if the device is reported lost - or the employee is terminated! The policy control and reporting I observed in a demonstration was very extensive, and would be very helpful in IT governance environments where there are strict regulatory compliance requirements.

Another nice touch for large enterprises is the integration with RSA SecureID systems. Onboard software can provide access - via a GUI displayed on the desktop - to a constantly changing sequence of 6-digit synchronized numbers used for high-security, two-factor authentication systems. This can save employees from having to carry around 2 separate devices for storage and authentication.

Other centrally managed features of the SanDisk solution include the ability to log all file reads, writes and deletions for audit purposes; as well as support for secure central backups and centralized deployment of utility software and data to the device. Suddenly, a remote team of sales and marketing people can have conveniences like up-to-date pricing and customer information in a secure package. They might actually start to develop a caring relationship with their little Flash Drives that provide a life-line back to the mother ship.

Based on my use of the device, the live CMC demonstration, and the documentation I had a chance to review, it's obvious that an impressive amount of thought has gone into the Cruzer Enterprise's design and implementation. It clearly shows that SanDisk is serious about providing a complete and practical mobile data security solution for their enterprise customers.