Datalocker DL4 FE 1TB Hardware Encrypted SSD Review
The built-in display of the Datalocker DL4 FE makes this the best secure drive I have used. It is easy to set up, you can use more complex passwords, and managing users and all the other features are also handled intuitively via the touchscreen interface. I was also impressed with the remote management features of SafeConsole. All this comes at a price, though, it is the most expensive drive I have tested to date.
Features - 95%
Price - 75%
- The display makes everything better, easier to set up, manage and login.
- Excellent remote management service
- Premium price
I have reviewed several secure hardware encrypted drives over the years. Once you have reviewed one, all the subsequent reviews feel like the same product. Most drives use a physical keypad on the drive, and all the drives have roughly the same performance. They generally all use similar levels of security, too, typically FIPS 140-2 Level 3 with AES 256-bit.
Occasionally something different will come along. A couple of years ago, I was impressed with the SecureDrive BT. This skipped the physical keypad and carried out the authentication via Bluetooth using an app on your phone.
Datalocker has taken a different approach to the way you manage and unlock your drive. They have integrated a touchscreen onto the device, which allows you to use a full keyboard and provides easy access to all the settings and user management. This makes managing the device far easier than keypad solutions, and it works independently from any software or other device (unlike the Bluetooth options, which require a phone and app).
Specification / Features
- Interactive Touchscreen supports complex alphanumeric passwords with special characters
- Remote Management: SafeConsole allows for remote provisioning, deployment, thorough auditing, and much more.
- Remote Device Detonate & Silent Kill Code when managed by SafeConsole
- Brute force password protection
- Absolutely no software or drivers
- Supports an administrator password (full permissions) and a user password (limited permissions)
- Available in:
- SSD: 1 TB, 2 TB, 4 TB, 7.6 TB, 15.3 TB
- HDD: 500 GB, 1 TB, 2 TB
- Dimensions: L: 12.3 cm W: 7.7 cm H: 2.1 cm
- Cryptographic Security:
- FIPS 140-2 Level 3 Device
- Common Criteria cPP certification pending.
- AES 256-bit XTS hardware encryption onboard.
- Integrates a Common Criteria EAL 5+ certified secure microprocessor
- Physical Security:
- Kensington lock
- Hardened internals and enclosure
- IP64 Certified
Almost all secure drives have similar levels of security and security focussed features.
For the Datalocker DL4, it is a FIPS 140-2 Level 3 device that uses AES 256-bit XTS hardware encryption onboard.
The drive's microprocessor is certified secure at the Common Criteria EAL 5+ level, and the company expects this to be the first USB drive to receive the Common Criteria collaborative Protection Profile (cPP).
The drive is also IP64 rated, which means it has the maximum protection from ingress by solids, including dust. The water ingress protection covers splashes of water from all directions. You won't want to go swimming with it, but spilling a drink on it or being caught out in the rain isn't going to cause you a problem.
The internals are hardened, too and with this being an SSD, you have a greater degree of protection when the drive gets knocked about.
It also includes a Kensington Security Slot allowing you to physically lock it down.
Design and Display
The Datalocker DL4 is a chunky secure SSD. It is not just a typical drive enclosure, you have all the physical security, a processor for the encryption and then the display and its corresponding electronics.
You can still comfortably fit it in your pocket. It is quite heavy but not too bad.
The display is basic and is an old fashioned resistive screen rather than the more common capacitive displays nowadays. When using your thumb, it feels like it is not accurate, and when you touch a letter on the edge, the plastic casing feels like it gets in the way. However, I have not had any failed attempts to login through mistyping.
With it being resistive, you can use any sort of pointy device to type on the screen. I'd try and avoid anything too sharp, but this makes the typing process much easier.
This is definitely the easiest secure drive I have used to set up, which is the whole point of the display and the main selling point of this drive.
When you attach the drive you will be requested to create an admin password using the on-screen keyboard. This can be as long as you want and user alphanumeric and special characters. Therefore you are much more likely to use a more complex and secure password than competing products.
With the admin user set up, when you login to the device again, you will be given an option to connect to the drive or you can click the settings button.
Within the settings, you can change the password, set users, self-destruct, change password complexity, auto-lock time and more.
This makes setting up all the advanced features considerably easy than competing brands. Setting the iStorage datAshur SD with a basic admin user was easy enough, but if you want to set up users and the other features, you need to consult the manual to work out what you need to press.
From my experience, if a user needs to go out of their way to learn the features of a device, they are much less likely to use it.
Like other encrypted drives, Datalocker offers advanced functionality and remote management features.
During my time with this drive, I have not personally used SafeConsole, but was given a detailed demo of it, and it is very impressive.
The range of features is extensive enough that it would need its own separate review to cover all the features, but highlights include:
- Remotely provision, configure, manage all drives.
- Auditing includes logging all device actions, including the IP address and location that a device is used. Admin users can see what actions users carry out on the device, though can’t specifically see the files copied/used.
- IP addresses can also be used for geofencing, restricting the physical location that the drive can be used.
- Device policies can be set up, allowing a drive to be used for a set number of days or login attempts before it needs to be plugged back into a computer with SafeConsole. Policies can be set up globally, per user or per device.
- SafeConsole anti-malware powered by McAfee carries out onboard anti-malware to your encrypted drives and automatically scan data for viruses and malware before it’s stored on the device. This is on the drive and completely separate from the system you plug it into.
- SafeConsole can be used for remote wipes. There is also a remote detonation feature allowing admins to functionally destroy the device and its data remotely to protect against data encryption key theft.
SafeConsole also works with the Kingston range of IronKey drives.
SafeConsole looks like it will work best with larger companies handling a lot of drives, but they do have starter packs with 10 licences. Also, looking around on Google, it appears you can be single device licences for around £25 per year.
In Use & Performance
When you plug the drive-in, it will perform a self-test then display the password input. The drive rearranges the keyboard each time you connect, so you are not replicating the same screen presses each time. I am not sure how much of a security issue pattern recognition is, or if it is something limited to movies. However, it is a nice addition for added peace of mind.
Using Speccy, the drive is recognised as DLI DL4FE, and there are no other clues to what SSD is used in the drive. In comparison, some drives I have tested in the past use off the shelf disks, which can make it feel frustrating when you are paying several times the cost of the disk for the additional hardware encryption. For example, the SecureDrive BT SSD uses a Seagate BarraCuda SSD.
Datalocker state the performance as 150Mb/s read and 100 MB/s write. I suspect this might be for the hard disk variants.
I achieved 270MB/s and 260MB/s, respectively, which is lower than you'd normally expect from an SSD and a bit lower than the SecureDrive BT SSD I previously used.
Just like SecureDrive BT review, random read/write speeds were much slower. These low speeds compared to standard SSDs will be a result of the cryptographic process.
These drives are not something you will be working from as a primary drive, so the speeds are not too much of an issue.
Price and Alternative Options
The Datalocker DL4 FE 1TB SSD is available from Dell for £643.19.
StoreSecure sells it for €487, not including tax or shipping. They also sell the HDD variant for €395. US pricing seems to be around $725, available from Insight.
iStorage seem to be the only company with secure drives that are easily accessible in the UK. Other brands ship from the US. They have the Diskashur Pro2 for £369, which uses physical keys and no display.
There is also the iStorage diskAshur M2 1TB for £266
SecureDrive has the SecureDrive BT SSD for $409/£310 before shipping (and presumably VAT+duties upon import). This is managed through your phone and a Bluetooth connection. I am/was a big fan of it, but you are reliant on having to use a phone and app to unlock and manage the drive. I swap my phone a lot, so at the moment don't have the app. Having to install things to unlock a drive is inconvenient. If you have a lot of staff that might need to access the drive, it can get even more difficult.
Aegis Fortress is £374.68 for the SSD model or the Aegis Padlock SSD for £398. Again, requiring physical pin codes. These are also shipped from the US, and the final price would be around £545
Secure drives have always cost a lot of money, and a premium is added to this with its built-in display. It is a unique feature that makes a lot of sense. It is considerably more useful than competing devices, and the on-screen display makes it easier to have complex alphanumeric passwords. So, it is easier to use and more secure. Two things that are essential when it comes to securing data.
Depending on what it is you want to secure, you can't really put a price on data security. The premium price here is unlikely to be worth it for me personally, but if I wanted to secure corporate data for an international business, spending £600 is pocket change.