Kingston has been diversifying in recent years and a new area for them is secure storage devices.
The latest product in this sector is the Kingston IronKey Vault Privacy 80, or VP80ES as it is also known. It is a USB connectable SSD that does not require any software installation to work with a PC.
How does this Kingston solution compare to DataLocker and others who are already familiar with their products?
Price and availability
The Kingston IronKey Vault Privacy 80 comes in three capacities, starting with a 480 GB model, with larger 960 GB and 1920 GB models available.
Unusually for Kingston, there are no suggested retail prices for this hardware. Instead, suppliers across the EMEA make pricing decisions.
To give you a general idea, we found one supplier in the UK selling the 480GB, 960GB and 1920GB for £282.34, £341.92 and £479.04 respectively.
In the US, we found the same items on Newegg.com for $248.99, $345.99, and $488.99. This pricing strongly suggests that the larger capacities offer better value.
Design and Features
The great thing about this product is that Kingston wasn’t trying to do anything overly theatrical with the aesthetic. It’s an external USB-C drive with a touchscreen on the top, and along with the drive, Kingston has included two USB connection cables for USB-A and USB-C and a soft neoprene carrying case.
There is supposedly a small pocket on the front of the pouch to carry the cables, but it’s not big enough to carry even one. Maybe a room divider inside would have been a better idea.
There is also a ‘Quick Start Guide’ with basic instructions in ten different languages and the owner directs you to a more comprehensive user manual which can be downloaded from the Kingston website.
The attractive metallic blue finish gives the impression that the VP80ES has a metal construction, but it is plastic. That helps keep the weight down to 262g, including cable.
When the VP80ES is first plugged in, the onboard software prompts the owner to define an administrator password by entering it via the touchscreen. This touchscreen is approximately 60 x 45mm, although it is not flush with the case, and the cutout makes the workspace available for less touching.
Couple: USB 3.2 Gen 1
Package consists of: Neoprene Travel Case, USB 3.2 Gen 1 C-to-C Cable, USB 3.2 Gen 1 C-to-A Cable
Capacities4: 480GB, 960GB, 1920GB
Speed: Up to 250MB/s read, 250MB/s write
Dimensions: 122.5mm x 84.2mm x 18.5mm
Operating Temperature: 0°C to 45°C
Store temperature: -20°C to 60°C
Compatibility: USB 3.0/USB 3.1/USB 3.2 Gen 1
Security Specification: FIPS 197 certified
Command/Support5: 3-Year Limited Warranty
The simple interface can be operated with a stylus (not included) or a fingertip. It is much easier with a stylus due to the relatively small scale of the screen in combination with adult fingers. Given the price, it’s a mystery why a cheap stylus wasn’t included.
What Kingston is offering here is a familiar form factor, but with the added functionality of being a FIPS 197 certified device that uses XTS-AES 256-bit encryption to protect the content from hackers.
In addition to the data encryption, the drive is designed to withstand BadUSB attacks and brute force methods. It also has a Common Criteria EAL5+ certified secure microprocessor
All the clever parts of these products are hidden inside, but their designers have created something that shouldn’t intimidate the average user.
Security storage is always a fine line between providing the best possible protection and the practicalities of usability.
The approach of the VP80ES is to provide two levels of secure ownership where an administrator can manage user accounts.
This makes perfect sense, because this device is invariably handed over to a user who forgets their password, and the administrator can then theoretically figure out the situation.
What an IT department should never do with this device is hand the device directly to the user as they will set the administrator password and then possibly forget it.
A mild regret is that the administrator password can be configured to be just six characters long, made up entirely of numbers or letters and with no special characters.
Since the admin can force users to use more characters (up to 64) and mix letters and numbers, should strong password rules apply to the admin from the start?
Once the drive is unlocked, the drive partition can be formatted in whatever file format it sees fit. It is pre-formatted with ExFAT, but it can be easily switched to NTFS or EXT4 before copying files to it.
In the administrator settings, it is possible to say how long the drive should remain unlocked while connected, and it is possible to quickly lock it for those who need to leave the room.
The good thing about this solution is that the drive is basically OS independent and requires no locally installed drivers or software. But it’s not all rainbows.
At one point, those who designed the Kingston IronKey VP80ES got carried away by their secure processor and intrusion protection and took their eyes off the user experience.
Because you cannot quickly key in an unlock code into the device due to a significant delay after each letter or number is selected. We later determined that this was due to the size of our fingers, as a stylus made it much smoother.
But this isn’t the only potential problem we noticed. There is another problem with the user account mode of the device. When a user account is created and you can only have one, a password is defined for that user that they can use to access the device.
If this mode is active, when the machine is turned on, it will ask if the password is ‘admin or user’, and the user password will not allow access to all menu functions that the administrator has.
But one caveat to User Mode is that there is a limit to the number of incorrect passwords that can be entered before the device automatically erases the content to prevent brute force attempts. The maximum number of wrong attempts allowed is 30 and the minimum is 10, but worryingly, that number is shared between the user and the administrator.
Therefore, the user can use up all their attempts and wipe the drive before the administrator has a chance to retrieve the situation.
It doesn’t take much imagination to see a scenario where a user who doesn’t want or can’t call the admin goes horribly wrong. And the user goes to the administrator after his data is irretrievably erased.
Here’s how the Kingston IronKey VP80ES 480GB performed in our series of benchmark tests:
CrystalDiskMark 8.0.4: 269.25 MBps (read); 256.72 MBps (write)
ATTO: 257.03 MBps (read, 256 MB); 240MBps (write, 256MB)
IF SSD: 251.36MBps (seq read); 240.67 MBps (seq write)
AJA: 251MBps (read); 237MBps (write)
The VP80ES is an SSD, but it’s not one that will break any speed records.
It’s pretty safe to assume that the SSD technology in the VP80ES is SATA-based, which would theoretically be around 500MB/sec. Encryption and decryption can reduce this performance, but losing half that speed seems excessive.
We’ve seen others argue that secure storage performance isn’t essential, but if you’re in a rush to catch a flight or train, writing at around 245MB/s can become a more important factor.
These results show that the VP80ES is slower than almost any USB SSD we’ve seen recently and about the same speed as the DataLocker DL4FE, another disappointing performance.
What is undeniable about the Kingston IronKey VP80ES is that the information stored on it must be as secure as the passwords defined for it. Give this to the kind of person who has sticky notes with passwords stuck to their monitor, and it won’t be.
But apart from one point that we will get to, the technology used in this drive achieves a high level of security that some will be interested in.
However, there are a few issues with this design that potential buyers should be aware of.
As a USB SSD, this is not a very fast drive and we used conventional hard drives which could improve the read and write speeds on offer. This would have been remedied if the USB interface was one that supported USB 3.2 Gen 2, but only half of that bandwidth is available for Gen 1 devices.
Another problematic area is the touchscreen. This interface works very well with a stylus but less well with a fat finger. Spend the small amount needed for a small rubber-tipped stylus and make fewer mistakes when entering passwords.
That can be critical, as the password entry errors can wipe the drive if the user or administrator exceeds the number of attempts. The security approach assumes that the security of the content is more important than those files, so it would be a bad place to put the only existing copy of data.
Conversely, if the data isn’t important, but keeping it under control is, then this should be fine.
We also need to talk about secure storage costs, often much more than you’d expect for an SSD of the same capacity.
The price of this product seems very close to the DataLocker DL4FE with the same capabilities, a product that offers the same touchscreen input but has remote control functions.
Technically, the DataLocker DL4FE has a security rating for FIPS 140-2 Level 3 Device certification, but the FIPS 197 standard that the VP80SE has is the next step on the security ladder. The DataLocker solution offers a much wider range of capacities up to 16 TB if you like to spend a lot of money.
Unless you specifically want a means to kill the contents of a drive remotely, the Kingston VP80SE is an effective option. But we recommend training those using it on how to remember passwords and when to contact the administrator before data is lost.