I had the opportunity to interview reps from Imation on the expo floor at RSA 2011 last week. The meeting request had interested me because my mental image of Imation was that of a fairly staid and stable storage media company. And, to a degree, this mental image was not incorrect. However, despite their solid maintenance of well-known media brands like Memorex and TDK, I was excited to see that Imation is also branching out into new areas.
A couple products from Imation's new Defender Collection struck me as being very interesting. These products include having biometrics and encryption capabilities, as well as a self-contained, pendrive-based Windows environment in development (making them only the 2nd vendor to do this, following on the heels of SPYRUS).
In addition to these new product lines, Imation has also begun developing software to support these devices. You, the reader, might think this is a fairly logical extension (you'd be right), but don't overlook the fact that standing up an entirely new software division to support new products is a somewhat risky venture, and something that represents Imation's strong commitment to these new product lines. The software will, in particular, provide central management and authentication integration for the new Defender line of devices, which should make them particularly appealing to the enterprise (at least for Windows-oriented folks today).
The F200+Biometrics Device
For demonstration and experimentation purposes, I received an F200+BIO USB storage device from the good folks at Imation. The device (Imation-supplied picture above) features 32GB storage, FIPS 140-2 Level 3 validated encryption using AES 256, and 2-factor authentication (password+biometric).
Installing the device on my Mac was, unfortunately, less than trivial. No documentation was provided in the retail box, and when I plugged the device in for the first time, it did not show up as a connected device. A quick search of the Imation support pages indicated that a firmware update may be needed, so I contacted Support for more information. After a few minutes on the line with a rep, he found the information, took my email address, and promised to email the update to me. Unfortunately, the files received didn't include directions on how to install them, nor was it obvious what the files were (i.e., they didn't come as a pkg or dmg, so I didn't know how to use them). As it turned out, one of the files was a PDF missing the .pdf extension, which included upgrade directions. The directions pointed me to a Windows-based PC to flash the firmware so that I could then use the device with Mac OS X 10.6.
Loading up my Win7 VM, the device was immediately detected and I was prompted to go through setup/configuration. These devices can support up to 10 users, each with their own protected storage space (which is rather cool). In my case, I simply created 1 user for myself, and opted to only use single-factor authentication (biometrics). Enrollment was straightforward, with 5 swipes per finger (for a minimum of 2 fingers) required. You could swipe all 10 fingers if you wanted to do so, or maybe even ask someone else to swipe in a finger should you want to have a device and single storage partition shared among a team.
Once everything was updated and configured, then the device worked like a charm. Upon initial detection, it shows up as "LOCKED" until you swipe your finger to unlock it, at which point it changes to "PRIVATE". On the Mac, an "Application" disc volume also shows up, which contains the Windows app code and documentation. One of the quirks of the device on Mac is that every time I connect and biometrically authenticate, OS X gives me a pop-up window indicating that the volume had not be dismounted properly. This, despite having ejected both the PRIVATE and Application volume. Another interesting quirk was that every time I attempted to eject the Application volume, it automatically re-mounted it and the LOCKED volume, making it essentially impossible to cleanly dismount. This might be part of the cause of the issues. Only long-term testing will be able to prove whether or not there are lasting data storage issues, though my guess is that it won't matter.
In terms of performance, the encryption did not appear to introduce any latency. The device has an onboard processor to do hardware-level encryption, allowing transfer speeds to be very high. I copied over a 480MB ISO image (the OWASP Live CD) and it only took about a minute to complete the operation.
Conclusion: The F200+BIO is definitely a nifty device, and I think it's a solid representation of the entire Defender Collection that Imation is releasing. I'm very eager to see the beta release their embedded Windows product in the near future, particularly because it will help provide competition for SPYRUS and lead to what I hope will be even better price points. It seems likely that the SPYRUS solution will be more mature initially, but I feel confident that Imation will quickly get up to speed and provide some reasonable competition in this space.
