Kingston has been diversifying in recent years, and one new area for them is secure storage devices.
Its latest product in this sector is the Kingston IronKey Vault Privacy 80, or VP80ES as it is also designated. It’s a USB connectable SSD that doesn’t require a software installation to work with any PC.
With DataLocker and others already established with their products, how does this Kingston solution match up?
Price and availability
The Kingston IronKey Vault Privacy 80 comes in three capacities starting with a 480GB model, and larger 960GB and 1920GB models are available.
Unusually for Kingston, no MSRPs have been set for this hardware. Instead, across the EMEA, vendors decide on the pricing.
To give a general idea, we found one vendor in the UK selling the 480GB, 960GB and 1920GB for £282.34, £341.92 and £479.04, respectively.
In the USA, we found the same items listed on Newegg.com for $248.99, $345.99 and $488.99. This pricing strongly hints that the larger capacities offer better value.
Design and features
What’s nice about this product is that Kingston didn’t try to do anything overly theatrical with the aesthetics. It’s a USB-C external drive that has a touch display on the top, and along with the drive, Kingston included two USB connecting cables for USB-A and USB-C and a soft neoprene carry pouch.
On the front of the pouch is a small pocket presumably included to carry the cables, but it isn’t big enough to carry even one. Maybe a divider inside might have been a better idea.
There is also a ‘Quick Start Guide’ that provides basic instructions in ten different languages and directs the owner to a more extensive user guide that can be downloaded from the Kingston website.
The attractive metal blue finish gives the impression that the VP80ES has a metallic construction, but it’s plastic. That does help keep the weight down to 262g, including cable.
Plugging in the VP80ES for the first time, the software on board asks for the owner to define an admin password inputting that via the touch screen. This touch display is approximately 60 x 45mm, although it isn’t flush with the case, and the recess makes the working space available for touching less.
Interface: USB 3.2 Gen 1
Package Includes: Neoprene travel case, USB 3.2 Gen 1 C-to-C cable, USB 3.2 Gen 1 C-to-A cable
Capacities4: 480GB, 960GB, 1920GB
Speed: Up to 250MB/s read, 250MB/s write
Dimensions: 122.5 mm x 84.2 mm x 18.5 mm
Operating Temperature: 0°C to 45°C
Storage Temperature: -20°C to 60°C
Compatibility: USB 3.0/USB 3.1/USB 3.2 Gen 1
Security specification: FIPS 197 certified
Warrant/Support5: Limited 3-year warranty
The simple interface can be operated either with a stylus (not provided) or a fingertip. It’s much easier with a stylus due to the relatively small scale of the screen combined with adult fingers. Given its price, why a cheap stylus wasn’t included is a mystery.
What Kingston is offering here is a familiar form factor, but with the added functionality of being an FIPS 197 certified device that uses XTS-AES 256-bit encryption to keep the contents safe from hackers.
Above and beyond the data encryption, the drive has been designed to resist BadUSB attacks and brute force methods. It also sports a Common Criteria EAL5+ certified secure microprocessor
All the clever parts of these products are hidden on the inside, but the designers of this have created something that shouldn’t intimidate the average user.
Security storage is always travelling a fine line between offering the best possible protection and the practicalities of being useable.
The approach taken in the VP80ES is to provide two levels of secure ownership, where an administrator can control user accounts.
This makes perfect sense, as invariably this device will be handed to a user that forgets their password, and the admin can then retrieve the situation, theoretically.
What an IT department should never do with this device is hand the device directly to the user since they’ll set the admin password and then potentially forget it.
One mild regret is that the admin password can be configured to be only six characters long, entirely numbers or letters and devoid of special characters.
As the admin can force users to use more characters (up to 64) and mix letters and numbers, having strong password rules should apply to the admin from the outset?
Once the drive is unlocked, the drive partition can be formatted in whatever file structure is considered appropriate. It comes pre-formatted with ExFAT, but it could be easily switched to NTFS or EXT4 before files are copied onto it.
In the admin settings, it is possible to say how long the drive should remain unlocked while connected, and it is possible to quickly lock it for those that need to leave the room.
What’s good about this solution is that the drive is effectively OS agnostic and doesn’t require locally installed drivers or software. But it isn’t all rainbows.
At some point, those designing the Kingston IronKey VP80ES got carried away with their secure processor and intrusion protection and took their eyes off the user experience.
Because you can’t easily key an unlock code into the unit quickly due to a significant delay after each letter or number is selected. We later determined this was due to the size of our fingers, as with a stylus, it worked much more smoothly.
But this isn’t the only potential issue that we noted. There is another problem to do with the user account mode of the device. When a user account is created, and you can have only one, a password is defined for that user that they can use to access the device.
With this mode operational, when the device is powered up, it asks if the password will be ‘admin or user’, and the user password doesn’t provide access to all the menu functions that the admin has.
But one caveat to user mode is that a limit is set to how many incorrect passwords can be input before the device automatically erases the contents to prevent brute force attempts. The maximum number of wrong tries allowed is 30, and the minimum is 10, but worryingly that number is shared between the user and the admin.
Therefore, the user can use up all their attempts and erase the drive before the admin has a chance to retrieve the situation.
It doesn’t take much imagination to see a scenario with a user who won’t or can’t call the admin going horribly wrong. And the user goes to the admin after their data has been irretrievably erased.
Here’s how the Kingston IronKey VP80ES 480GB performed in our suite of benchmark tests:
CrystalDiskMark 8.0.4: 269.25MBps (read); 256.72MBps (write)
ATTO: 257.03MBps (read, 256mb); 240MBps (write, 256mb)
AS SSD: 251.36MBps (seq read); 240.67MBps (seq write)
AJA: 251MBps (read); 237MBps (write)
The VP80ES is an SSD, but it’s not one that will break any speed records.
It’s reasonably safe to assume that the SSD technology inside the VP80ES is SATA based, and that would theoretically peak at around 500MB/s. Encryption and decryption can reduce this performance, but the loss of half that speed seems on the excessive level.
We’ve seen others argue that secure storage performance isn’t essential, but if you are rushing to get a flight or train, then being able to write at a maximum of around 245MB/s might become more of a factor.
These results reveal that the VP80ES is slower than almost any USB SSD we’ve seen recently and about the same speed as the DataLocker DL4FE, another disappointing performer.
What’s undeniable about the Kingston IronKey VP80ES is that information stored on it should be secure, as much as the passwords defined for it are. Give this to the sort of person who has sticky notes with passwords stuck to their monitor, and it won’t be.
But, other than one point we’ll get to, the technology used in this drive achieves a high level of security that some will be interested in.
However, there are a few issues with this design that potential purchasers need to be aware of.
As a USB SSD, this isn’t a very fast drive, and we’ve used conventional hard drives that could better the read and write speeds on offer. This might have been mitigated had the USB interface been one that supported USB 3.2 Gen 2, but only half that bandwidth is available to Gen 1 devices.
Another problematic area is the touch panel. This interface works very well with a stylus but less well with a fat finger. Spend the small amount needed for a small rubber-ended stylus and get fewer password input mistakes.
That might be critical, as the password input errors can erase the drive if the user or admin exceeds the number of tries. The protection approach assumes that the security of the contents is more important than those files, so it would be a poor place to put the only existing copy of any data.
Conversely, if the data isn’t important but keeping it under control is, then this should be fine.
We also need to talk about secure storage costs, often much more than might be expected for an SSD of the same capacity.
The pricing of this product seems very close to the DataLocker DL4FE at the same capacities, a product that offers the same touchscreen input but has remote control features.
Technically, the DataLocker DL4FE is security rated for FIPS 140-2 Level 3 Device certification, but the FIPS 197 standard that the VP80SE has is the next rung down the security ladder. The DataLocker solution does offer a much more extensive range of capacities going up to 16TB if you like spending big.
Unless you specifically want a means to kill the contents of a drive remotely, the Kingston VP80SE is an effective option. But we’d recommend some training for those using it about how to remember passwords and when to contact the admin before data loss occurs.