The Best Secure SSDs and Hard Drives for 2024
It could be an accident, it could be theft: It’s just too easy for the data on an unsecured external hard drive or SSD to fall into the wrong hands. To keep your data safe, consider an encrypted external drive. (In fact, some organizations mandate hardware-based encryption and other security criteria in drives they purchase.) Let us help: At PC Labs, we’ve been testing personal storage since the early days of PCs, and our analysts run drives through rigorous, repeatable tests to quantify speed. We also evaluate drives on design, usability, connectivity, bundled software, and (of course!) value. We’ve tested a wide variety of encrypted drives; our current top pick for most users is Crucial’s X9 Pro. We’ve also selected a slate of others for different user scenarios and budgets. Below, check out our latest favorites and their specs, plus advice for understanding drive encryption and other important security features.
Deeper Dive: Our Top Tested Picks
Best Encrypted External SSD for Most Users
Crucial X9 Pro
- Lightweight and compact
- Good PCMark 10 benchmark score
- IP55-rated for dust and water resistance
- Drop-proof up to 7.5 feet
- 256-bit AES hardware-based encryption
- Five-year warranty
- Included USB-C cable is short
- Lacks USB-C-to-A cable or adapter
A tiny yet highly capable external SSD, the Crucial X9 Pro scored well in our benchmark tests and comes in capacities up to 4TB. The X9 Pro’s 256-bit AES hardware-based encryption and basic ruggedization features protect it from tumbles, as well as both meteorological and human threats while you’re traveling. Its interface supports the USB 3.2 Gen 2 standard, which affords near-universal compatibility if your computer has a USB port (although you’ll need an adapter to connect to a Type-A port).
The Crucial X9 Pro is a competitively priced, highly portable external SSD that should appeal to most anyone. The X9 Pro is great for travelers, or indeed anyone who wants a fast, reasonably rugged, and secure portable SSD.
Learn More
Crucial X9 Pro Review
Best Ruggedized Encrypted External SSD for Most Users
Samsung Portable SSD T7 Shield
- Provides protection from rain, dust, and drops
- AES 256-bit hardware-based encryption
- Offers the raw speed of a USB 3.2 Gen 2 drive
- Comes in capacities up to 2TB
- Relatively short three-year warranty
- Not the fastest external SSD for everyday storage tasks
The Samsung Portable SSD T7 Shield is a well-rounded external SSD with competitive speed, AES hardware-based encryption, and a rugged exterior that protects your data from drops, dust, and rain. The T7 Shield is more shockproof than the previous T7 drives, and unlike them is rated for dust and water resistance. Its security isn’t quite as convenient as that of the Editors’ Choice-honored Samsung T7 Touch with fingerprint reader, but it should keep your information safe, and it’s better-protected than the Touch is. It’s a good choice for travelers and outdoor workers who want a pocketable drive with good capacity that can stand up to the elements and won’t cause them to lose sleep if it’s lost or stolen.
The Samsung Portable SSD T7 Shield is a durable and secure choice for outdoor workers and travelers, if on the slow side compared to non-rugged SSDs. If you’re a homebody, there’s not much point in investing in this product. But if you ever take your laptop on the road or into the wilderness, whether for business or pleasure, you’ll appreciate having a drive like the T7 Shield. It will keep your data safe in the event of loss or theft, and provides protection from the elements.
Learn More
Samsung Portable SSD T7 Shield Review
Best Fingerprint-Secured External SSD
Samsung Portable SSD T7 Touch
- Built-in fingerprint reader and LED status indicator.
- Compact size.
- Fast performance.
- Available in capacities up to 2TB.
- Three-year warranty.
- Relatively expensive.
- Requires software for fingerprint unlocking on a PC or Mac.
The Samsung Portable SSD T7 Touch is a tiny, 2-ounce aluminum rectangle that plugs into a USB 3.2 Gen 2 port. (Samsung provides both USB Type-C and USB Type-A cables so you needn’t fuss with a dongle.) It combines quick performance with roomy storage. The T7 Touch protects your data in a way few others can: with a built-in fingerprint reader that ensures your sensitive files are for your eyes only. Technically, fingerprints aren’t as secure as complex passwords, but they’re a lot more convenient, and you can’t forget them.
If you need plug-and-play access to your documents on any nearby PC, the T7 Touch isn’t for you—you must have Samsung’s Windows, macOS, or Android software installed to use the fingerprint reader. But if you’re looking for a mix of security and speed, your corporate or personal secrets are safe with this drive.
Learn More
Samsung Portable SSD T7 Touch Review
Best Keypad-Secured External SSD for Most Users
Apricorn Aegis NVX
- Very fast for a hyper-secure drive
- Chock-full of security features
- Shockproof and crush-proof
- Impervious to dust or water with IP67 rating
- Relatively high cost per gigabyte
- Not yet FIPS 140-3 validated
Thanks to its NVMe internals and USB 3.2 Gen 2 support, the Apricorn Aegis NVX has one thing that no other SSDs with its wealth of protective features can offer: the speed you’d expect from a typical consumer-level external SSD. This, device, which has a built-in keypad for access, requires no software to run and can be used with any device with a USB-C or USB-A port. It’s easy to set up an administrator password, and you can add passwords for multiple users. The drive’s AES-XTS 256-bit encryption is effectively impervious to brute-force attacks. The NVX is also shockproof, waterproof, and dustproof.
The Aegis NVX is for users who want an ultra-secure SSD without taking a hit in speed. It’s a rugged drive, so it’s also a great choice for travelers or for outdoor use. However, if your company requires security certification, you might want to wait to buy it. Apricorn is currently modifying the NVX to submit the drive for Federal Information Processing Standards (FIPS) 140 Level 3 validation.
Learn More
Apricorn Aegis NVX Review
Best Ruggedized Keypad-Secured External SSD
iStorage DiskAshur M2
- AES-XTS 256-bit full-disk hardware encryption
- IP68 ruggedness rating
- Compatible with Windows, macOS, Linux, Chrome, Android, and more
- Supports an administrator PIN, plus separate user PINs
- No software to install
- Aggressively priced for a security-focused SSD
- More expensive per gigabyte than standard external SSDs
- Much slower transfer rates than less-security-minded drives
Worried about your data falling into the wrong hands, or falling onto a rocky trail or into a puddle or pond? The iStorage DiskAshur M2 is compact for an ultra-secure SSD, and it’s built to survive a half-hour bath in 1.5 meters of water or being run over by a 2.7-ton truck. Security highlights include FIPS 140-3 Level 3 compliance, AES-XTS 256-bit hardware-based encryption, and the encasement of its drive mechanism in epoxy resin—any attempt to pry inside to get to the chips will result in their destruction. It also has a built-in numeric keypad that means your files can’t be accessed without the proper user or administrator PIN. You can configure the M2 as a read-only drive and create a self-destruct code that obliterates the data, encryption key, and all PINs forever.
With such formidable security, you might expect the iStorage M2 to cost a mint, but it’s reasonably priced considering what it offers. Not only is it rife with security features, its ruggedness rating of IP68 is as high as any drive we have tested. If you’re paranoid about your personal or company documents, put the DiskAshur under your pillow and sleep tight. You can take it on a trip or hike with you and know that it will survive anything Mother Nature might throw at it, and any attempt by others to access your data should it be lost or stolen.
Learn More
iStorage DiskAshur M2 Review
Best Keypad-Secured External SSD for Enterprises
DataLocker DL4 FE
- 256-bit AES-XTS hardware encryption
- Meets several key security-standard certifications
- Touch pad randomizes keypad characters to thwart fingerprint tracing
- Can be remotely managed through DataLocker’s SafeConsole interface
- Local and remote self-destruct features
- Pricey compared with other security-centric drives
- Slow, even for a hyper-secure SATA drive
- Limited ruggedness features
The DataLocker DL4 FE external SSD has all the security features and certifications to satisfy rigorous corporate and governmental criteria to guarantee the protection of secret or sensitive data. Simply put, no unauthorized person will be able to breach its encryption and other safeguards. If it were to be lost or stolen, the drive can be remotely disabled and wiped clean. As for protection from the elements, the DL4 FE has some ruggedness but overall falls well short of some rugged drives on the liquid-resistance front. Speed-wise, the DL4 FE is plodding, even compared with other security-centric drives. The DL4 FE gets high marks for its comprehensive drive security, and it’s a great choice for organizations for which data protection is paramount.
The DataLocker DL4 FE meets the security requirements of corporations and governmental agencies, and has the certifications to prove it. It doesn’t come cheap, even for a security-centric SSD, so it’s largely for big-budget organizations. It’s especially good for businesses or institutions that need multiple secure drives, as it can be easily integrated into DataLocker’s SafeConsole fleet-management system.
Learn More
DataLocker DL4 FE Review
Best Encrypted Desktop Hard Drive
iStorage DiskAshur DT2
- Immense capacity
- Low cost per gigabyte for a security-centric drive
- AES-XTS 256-bit full-disk hardware encryption
- FIPS 140-2 Level 2/3, NCSC CPA, NLNCSA BSPA, and NATO Restricted certifications
- Easy for authorized users to unlock
- No protective case or ruggedness features
- Low score in PCMark 10 benchmark for everyday storage tasks
With cavernous capacity and a minuscule cost per gigabyte compared with security-centric SSDs, the iStorage DiskAshur DT2—a desktop-style hard drive—is a formidable solution for corporations, institutions, and agencies needing to keep sensitive data safe. With a slew of protective features and boasting an impressive set of certifications, this PIN-authenticated external drive is easy for authorized users to access but impervious to attempts by outsiders to break in. As a desktop hard drive, it is not USB-powered but must be plugged into its included AC adapter. As it will generally be used in an office or server room setting, it lacks any ruggedness features to speak of—the protection it offers is from human threats.
The DT2 isn’t slim or portable like many external drives—in form, it’s a classic desktop spinning hard drive. But it is easy for authorized users to unlock and access using its built-in keypad, and it has a slew of security features and certifications to assure you it’ll keep bad guys out. If you need to store and protect large volumes of data, this is a great choice.
Learn More
iStorage DiskAshur DT2 Review
Best Encrypted Portable Hard Drive
WD My Passport (5TB)
- 5TB is peak portable single-drive capacity.
- Small and light.
- AES-256 hardware encryption with password.
- Ships with apps for backup/restore, reformatting and checking drive health, and more.
- At list price, the 5TB version has a higher cost per gigabyte than the 4TB version.
Slightly rounded edges and ripples over part of the surface give the My Passport hard drive the look and tactile-friendly feel of a consumer gadget. The ripples also help keep the drive from slipping out of your hand easily. Add a choice of colors, a size that can fit in a shirt pocket, a range of capacities from 1TB to 5TB, and easy-to-find discounts from list price, and the WD My Passport is a clear standout among high-capacity portable hard drives. It ships with apps for backup/restore, reformatting and checking drive health, and provides AES-256 hardware encryption with a password.
Unless you need a ruggedized drive to stand up to rough treatment, the WD My Passport checks off all the right boxes for an external portable hard drive. It’s competitively priced and comes in capacities up to 5TB. Its built-in hardware encryption and bundled utilities enhance its usability, and it doesn’t hurt that it looks good.
Learn More
WD My Passport (5TB) Review
Buying Guide: The Best Secure SSDs and Hard Drives for 2024
A Guide to Hardware-Based Drive Encryption
Encryption is the process of taking readable text or data and encoding it using a key—a random string of bits, generated by an encryption algorithm—so that only someone in possession of the key can decrypt it. Most mainstream encrypted SSDs and hard drives provide what’s known as AES 256-bit hardware-based encryption, while most hyper-secure keypad-accessible drives utilize XTS-AES 256-bit hardware-based encryption.
For good reason, AES is considered the gold standard in drive encryption. Even the standard 256-bit AES encryption (which uses a 256-bit key) is essentially uncrackable. It takes the data through multiple permutation rounds in the encryption process. Using brute-force methods—say, a supercomputer trying one key after another in an effort to decrypt it—could take an average of many trillions of years to break it—far longer than the current age of the universe. That should give you an idea of how ironclad AES encryption is, at least in the face of a brute-force attack.
Encrypted mainstream external drives often let users create a password-protected vault into which they can drop files or folders to be encrypted (by AES or other methods). And even if your drive lacks native encryption, there are many encryption utilities you can install to make your files unreadable (and, in many cases, invisible) to others.
Physical Drive Security: Keypads, Fingerprint Scanners, and More
You can also find drives with a secure physical layer. Keypad-equipped drives, for one, are platform-independent, require no software to run, and can work with almost any computer as long as it has a USB port. When the drive is unattached to a computer, it is locked and generally secured with XTS-AES full-disk encryption. When you attach it and enter the password, you unlock the drive, and it operates as any other drive. (In most business situations, an administrator sets some access rules and creates an admin password for the drive, and one or more users, each with their own user-level password, can access the drive.) When you disconnect it, it locks, and can only be opened with the password. Such drives usually also have other security measures in addition to encryption, which we will discuss below.
(Credit: Zlata Ivleva)
While some drives have press-button keypads, some are virtual pads, responding to either a finger or stylus. With virtual keypads, often the letters are scrambled each time you plug the drive in. This prevents an intruder from guessing the password from fingerprints left on the pad or by looking over your shoulder at your keystrokes.
A downside of full-disk encryption is that it can slow a drive’s performance significantly compared with an equivalent non-encrypted drive. These hyper-secure SSDs and hard drives, chock-full of protective features, also tend to cost a lot more per gigabyte than non-encrypted or consumer-level encrypted drives. For many users, the security and peace of mind that such drives provide is well worth the extra cost, and hyper-secure storage features are required by many organizations in both the public and private sectors.
(Credit: Zlata Ivleva)
Beyond traditional password and keypad protection, at least one drive maker has turned to biometrics. The Samsung Portable SSD T7 Touch has a built-in fingerprint reader. From the included software, you can set the drive to open at the touch of the right fingerprint.
Security Features Beyond Encryption: FIPS and Friends
Much of the market for hyper-secure keypad-enabled drives is made up of the military, government agencies, organizations, and corporations that tend to have exacting criteria when it comes to the security of the products they are permitted to purchase. Primarily, this means compliance with the Federal Information Processing Standards (FIPS), computer security and cryptography standards issued by the National Institute of Standards and Technology (NIST).
SSD makers often tout their keypad SSDs as meeting either the FIPS 140 Level 2 or 3 standards. The FIPS 140 standard covers the entire “cryptographic module”—encompassing the drive’s full set of hardware, software, and firmware that implements approved security functions like cryptographic algorithms and key generation. A key aspect of FIPS 140 Level 3 is the protection of the module from physical attacks or tampering, by methods such as embedding it in epoxy. If the drive mechanism is breached, the chips will be damaged in the process, effectively destroying both the drive and the data it holds.
(Credit: Molly Flores)
You will also hear of drives being FIPS 197-compliant. FIPS 197 covers only the encryption, and is today better known by the name of the algorithm that FIPS Publication 197 introduced: Advanced Encryption Standard, or AES. So a FIPS 197-compliant drive is simply one that uses AES hardware-based encryption.
Another feature that drive-makers tout and clients covet is the inclusion of a Common Criteria EAL5+ (hardware-certified) secure microprocessor. Such a device, through a combination of true random number generation and built-in cryptography, further protects against drive tampering.
Ruggedized Drive Features: Keeping Your Data High and Dry
While secure and encrypted drives can protect your data from falling into the hands of thieves, scam artists, and other bad actors, rugged drives provide protection from the elements (dust, sand, and water) as well as from tumbles or other accidents. A good percentage of secure drives are also ruggedized; we think of encryption and ruggedization as two sides of the same coin. We have a separate roundup of rugged drives at the preceding link.
Whether drive ruggedness is important depends entirely on your use case. If you seldom take your external drive outside of your home or office, it may not be a priority. But if you’ll be using it, say on an oil rig or in a wilderness video shoot, you’ll want some defense against water, sand, or soil getting into the drive.
(Credit: Molly Flores)
Sand-fast and water-fast drives usually carry a two-number ingress protection (IP) rating. The first number, ranging from 0 (no protection) to 6 (complete protection) rates the drive’s imperviousness to dust and particulate matter. The second number rates protection from water ingress, with 8 indicating that the drive can survive being immersed in more than one meter of water. Some drives are also drop-proof (impervious to falls), shockproof, or crush-proof (able to survive being run over by, say, a two-ton truck). The manufacturer’s description of a drive will specify an IP rating and other protections it offers. If no IP rating or other rating information is given, you can safely assume that the drive is not designed to be rugged.
Ready to Buy the Right Secure Drive for You?
Whether you want to encrypt a folder for personal or business files on your portable SSD, or you’re tasked with requisitioning hyper-secure drives for the NSA, you’ll find many options to choose from. At the minimum, all of the products here feature AES 256-bit hardware-based encryption. Some go no farther than encryption, while others add keypad or fingerprint access and a host of other protective features. Although it’s not strictly a security feature, many encrypted drives are also rugged, shielding the physical drive from storms, tumbles, or mishaps in the wild or on the factory floor. For more on safeguarding your data, check out our guides to the best backup software and the best security suites.
#Secure #SSDs #Hard #Drives