Decoding the world of cybersecurity

Four terabytes in an encrypted USB drive

Apricorn has launched a 4TB hardware-encrypted USB device for moving large sensitive datasets where network transfer is impractical, with FIPS 140-3 validation still in progress.

Four terabytes in an encrypted USB drive
Summary
  • The 4TB Aegis Secure Key 3 combines a mini solid-state drive with hardware encryption and keypad-based, software-free authentication.
  • Apricorn says the new model improves read and write performance and can shut down when temperature or electrical conditions move outside safe thresholds.
  • The product has been submitted to NIST’s validation programme but is not yet FIPS 140-3 Level 3 validated.

Apricorn has launched a 4TB version of its Aegis Secure Key 3, placing solid-state-drive capacity into a keypad-authenticated USB format intended for organisations that move large volumes of sensitive data outside conventional networks.

The device uses a mini solid-state-drive architecture with hardware-based encryption and software-free authentication. Apricorn describes the 4TB model as having eight times the capacity of comparable hardware-encrypted USB flash drives.

A new bridge-controller chip supports higher transfer performance, with read speeds up to 31% faster and write speeds up to 16% faster than the previous generation, according to the company.

The device also monitors temperature and electrical conditions and shuts down if they move outside safe limits. Operation can resume once conditions return to the permitted range, protecting the hardware and stored data during field work or transfer between environments.

Apricorn says the product was engineered to meet or exceed FIPS 140-3 Level 3 requirements and has been submitted to the US National Institute of Standards and Technology’s Cryptographic Module Validation Program.

Submission does not confer validation. The company’s product notice says the validated configuration will be announced after the NIST process has been completed. Procurement documents requiring an already validated module will need to account for that status.

Portable capacity increases the data at stake

Encrypted removable storage remains useful where datasets are too large for available networks, systems are isolated, or organisations need to transfer evidence, backups, imagery, design files, or operational information between controlled environments.

Government, defence, healthcare, finance, legal, industrial, and digital-forensics users may also require physical transfer where cloud services are restricted or impractical. A 4TB device makes those workflows more compact, while concentrating a substantial volume of information into an object that can be lost, stolen, retained, or connected to an untrusted system.

Hardware encryption protects data at rest while the device is locked and correctly configured. It does not determine whether a user was authorised to export the information, whether malware copied files while the drive was unlocked, or whether the receiving endpoint can be trusted.

Removable-media governance therefore needs to cover device issuance, permitted data classifications, custody, inventory, PIN administration, failed-attempt policies, return, sanitisation, and destruction. Cryptographic strength forms one part of the control environment rather than replacing it.

Higher capacity can also weaken data minimisation when users copy complete folders or datasets rather than the material required for a specific task. The consequence of loss increases, and investigations become more difficult when the organisation does not maintain a record of what the device contained.

Validation status affects procurement

FIPS validation is commonly used in public-sector and regulated procurement as evidence that a cryptographic module has passed defined testing. Buyers need to check the exact certificate, module version, firmware, configuration, and current validation status rather than relying on product-family language.

A submitted product may ultimately receive validation, but the final configuration and completion date remain unsettled until the process concludes. Contracts requiring a validated module should distinguish the new 4TB product from earlier models in the same family.

Apricorn describes its AES-XTS hardware-encrypted products as quantum-resistant. AES remains widely used for data-at-rest protection, although that description should not be confused with certification under the emerging post-quantum public-key standards intended for key establishment and digital signatures.

Availability also remains part of the design. A hardware-encrypted drive can become a single point of failure where there is no duplicate, controlled backup, recovery procedure, or alternative transfer route. Protection against unauthorised access has to sit beside plans for loss, damage, failed authentication, and device unavailability.

The 4TB Aegis Secure Key 3 extends the volume of information that can be carried in a compact encrypted format. Its operational value will depend on whether custody, data minimisation, recovery, and certification requirements develop at the same pace as the available capacity.

×