By now, the horror stories about missing external hard drives holding sensitive information have lost their edge. Whenever I hear that another 20,000 customers of some company are at risk of identity theft, I just roll my eyes. Yes, it's irresponsible for businesses, universities, and government agencies to lose so much. But it's also understandable: Until recently, encrypting data on a hard drive was a cumbersome process.
Now, external hard drives can take care of the encryption for you. They obviate sophisticated software, and assume the heavy lifting from the PC. Hardware-encrypted drives offer a performance boost over encryption that relies on software running on Windows. Whereas software asks the PC's CPU to do the number-crunching, encrypted drives use special processors, built into their housing, that scramble data as it's written to disk. Seagate's Maxtor BlackArmor puts the chip on the hard drive's circuitry, in what's called full-disk encryption. (Full-disk-encryption drives are popular in corporate laptops, but are just now becoming widely available as external units.)
Either way, the drive's performance is barely affected, such that (lacking benchmark testing) the effect is hardly noticeable in use.
Encryption is also far simpler with these devices: Once you set the drive up and you enter a PIN or password, you can copy data to the drive normally, through Windows Explorer or by saving a file to the disk within an application. Some of the devices I tested permit you to enter the passcode by means of physical buttons or keys located on the exterior of the drive housing, while others require you to enter a password into a small Windows app that launches when you connect the drive. If you plan to use your device on one or more non-Windows operating systems, consider the Data Locker and Lenovo models I tried, which each offer a physical keypad.
As with all encrypted drives, the data on the platters (or, in the case of flash drives, on the memory chip) is unreadable to anyone--short of cryptanalysts who work for certain three-letter government agencies--who lacks the password or the physical key. Even if someone tries removing the platters (or memory chips) from the housing and scanning them with forensic data-recovery tools, the recorded bits will appear to be random garbage data, unlockable only with the right key.
Most encrypted drives use one of several standard, well-known algorithms. The most common is AES (Advanced Encryption Standard), which several branches of the federal government and the military use. FIPS 140 is a very general government encryption standard that ensures that products follow certain security protocols. Level 1, the lowest of four levels, basically means "no glaring errors or omissions were present." Anything that uses AES-128 or -256 is FIPS 140-2 Level 1 compliant. Less common are drives that use the older DES (Digital Encryption Standard), or its cousin, Triple-DES--both are significantly weaker algorithms, though they're effective if you're simply trying to prevent casual snooping.
I evaluated eight models, including hard drives and flash drives. My pick for Best Buy is the Seagate Maxtor BlackArmor. Regardless of which model you choose, if you inadvertently leave the drive holding all the nuclear secrets behind on the train, you can be confident that the schmo who finds it won't be able to retrieve them. That is, of course, assuming you haven't attached the password to the drive on a sticky note, or left the decryption key plugged into the back. These devices can eliminate a lot of security worries, but they can't prevent careless behavior.
Consult our chart of encrypted portable drives for a quick specs comparison, and turn to the next page to read my impressions of all eight drives.