The portable, secure and rugged diskAshur M2 comes in capacities ranging from 120GB to 2TB.
Image: iStorage
Supplied in a sturdy carrying case, the diskAshur M2 from iStorage is thinner and sleeker than previous models and has its own sliding sleeve to protect the keypad from getting knocked while it’s in a bag or pocket, as well as to keep dust out of the USB 3.2 Micro-B SuperSpeed data and power port on one end.
There’s even a rubber gasket that makes the whole thing waterproof when the sleeve is fitted (IP68, up to 30 minutes in 1.5m of water); iStorage also claims it’s shock and crushproof (up to 2.7 ton) and we saw no errors after dropping it off a few desks and tables in the office.
Flash storage isn’t going to suffer the kind of head crashes a hard drive might, but more importantly you don’t want it to be easy to crack open if an attacker wants to try the kind of hardware assault that involves disassembling the device (although there are built-in protections against the usual physical and monitoring attacks, and the components are encased in resin).
The diskAshur M2 is supplied with short USB-A and USB-C cables for device connection.
Image: iStorage
The size of a small bar of chocolate or a feature phone, the M2 feels heavy for its size but is nicely balanced; you can stand it on one end if it’s not plugged in. But the USB-A and USB-C cables supplied are rather short, so it’s probably going to end up flat on the table next to your device where you can type in the PIN when you need it. That device can be pretty much anything with a USB port, including Android, Chrome, thin clients and embedded systems, as well as Windows, macOS and Linux, because the hardware encryption means you don’t need to install any software. You can even use the M2 as a boot drive.
Previous versions of the diskAshur had a built-in cable, and the datAshur USB stick needed an adapter for mobile or USB-C devices. Switching that for separate cables makes the M2 more flexible, but since USB Micro-B SuperSpeed connectors aren’t particularly common you’ll need to have the right cable with you — making the carrying case more of a necessity than a nicety.
When it’s unplugged, all the data is automatically encrypted using AES-XTS 256-bit hardware encryption (make sure any data transfers are finished first). The user PIN to unlock the drive to use it like a normal SSD can be seven to 15 digits long; the system blocks simple repeats and sequential PINs and having letters on the number keypad means you can use a passphrase that’s easier to remember than a string of numbers (we’d suggest avoiding the easily guessed suggestions in the manual though). Even so, there’s a polymer coating so the keys don’t wear down and give attackers a hint.
There’s a wide range of admin features, from enforcing the length of user PINs (and whether to require special characters that use the Shift key) to setting how long the drive stays unlocked when it’s not in active use (the default timeout is short enough to annoy most users).
Both admins and users can flip the drive into read-only mode — and if that’s set by an admin, users can’t change it, so you can use this for distributing content without worrying that it will be accidentally deleted, infected by malware or otherwise tampered with.
If the user PIN is typed in wrong ten times in a row, it’s automatically deleted, so you can set one-time user recovery PINs to let people regain access to their data. All the previous diskAshur features are still there, like the choice of a device reset or a self-destruct PIN that deletes the data, encryption key and PINs so you can re-issue a previously used drive to another employee and ensure data deletion.
But configuring those, or even creating user PINs, still requires a fiddly sequence of pressing various combinations of shift and lock keys on the device with various digits and watching the three-colour LEDs blink or turn solid in patterns that few people are going to bother memorising. Even unlocking the drive as a user means pressing two keys, typing in the PIN, pressing another key and then watching the green and blue LEDs flash for a few seconds.
Even with the limitations of a numeric keyboard, we continue to find this unnecessarily complex and it’s the most annoying aspect of iStorage’s otherwise useful products.
Top: moderate performance when copying a 12GB selection of files. Above: better results when handling large sequential files.
Images: Mary Branscombe / ZDNet
With a USB 3.2 Gen 1 connection, the M2 can theoretically deliver 370MB/s read and write speeds, although the encryption can slow that down. Copying a 12GB selection of files showed rather variable performance that didn’t get close to the theoretical maximum, but delivered similar write speeds to a USB 3.0 flash drive (for comparison we used a Kingston DataTraveler Ultimate 3.0 Generation 2). CrystalDiskMark showed closer to the theoretical speed with large sequential files.
But in use, disk performance isn’t going to slow you down — although the drive settings might. The short timeout limit meant that both the benchmarks and the large file copy initially failed and required a Windows drive repair, with the drive light activity staying on even after the drive had disappeared from Windows Explorer. We found our test unit would lock after a few minutes even after we extended the timeout to the maximum 99 minutes, which was equally annoying.
You’re also paying for the security, with prices starting at £155 for the 120GB version; we looked at the £515 2TB model.
Image: iStorage
The diskAshur M2 offers a welcome combination of features from iStorage’s previous SSD and USB stick models: the one-time PIN from earlier diskAshur models and the protective cover from dataAshur. It’s also smaller, neater and more rugged than earlier offerings. But the interface continues to be opaque and occasionally frustrating, so build in time for training and user support.
RECENT AND RELATED CONTENT
Encrypted USB flash drive you can unlock with your smartphone (or Apple Watch)
cloudAshur, hands on: Encrypt, share and manage your files locally and in the cloud
diskAshur2 and datAshur Pro, First Take: Secure but pricey mobile drives
Seagate IronWolf 510 SSD, hands on: An enterprise-class cache to speed up your NAS
OWC Envoy Pro FX external SSD
Read more reviews More
