to ensure the ultimate protection of your data stored in the cloud or on your local PC/MAC or any data storage device


your encrypted data securely with authorised users in the cloud as well as email and file transfer services in real-time

USB 3.0

and monitor your cloudAshur devices centrally

Normes fédérales de traitement de l’information FIPS niveau 3

FIPS 140-2 est un indicateur critique reconnu dans le monde entier
qui prouve qu’un dispositif technologique a
passé un ensemble de procédures de test rigoureuses
et répond aux normes les plus strictes en matière d’algorithme
de chiffrement et de protection des données.



de chiffrement validé FIPS PUB 197
Bénéficiant du chiffrement matériel AES-XTS 256-bit Full-Disk,
la datAshur PRO chiffre de façon transparente toutes
les données de la clé lorsqu’elles sont inactives, afin de
les protéger même si la clé tombe
entre de mauvaises mains.

On-device Crypto-chip

Offering 100% real-time military grade AES-XTS or AES-ECB 256-bit Hardware Encryption with FIPS PUB 197 certified USB 3.0 encryption controller.

Uniquely incorporates Common Criteria EAL4+ ready secure microprocessor

Which offers ultimate security against hackers, detecting and responding to tampering with features such as:

- Dedicated hardware for protection against SPA/DPA/SEMA, DEMA attacks - Advanced protection against physical attacks, including Active Shield, Enhance Protection Object, CStack checker, Slope Detector and Parity Errors - Environmental Protection Systems protecting against voltage monitor, frequency monitor, temperature monitor and light protection - Secure Memory Management/Access Protection

Five factor authentication

Something you have
  • The cloudAshur hardware security module
Something you know
  • 7-15 digit Admin/User configurable PIN
  • Username and password for the iStorage cloudAshur Windows or macOS client app
  • Where the data is stored, which cloud provider
  • Username and password for the cloud account


Intelligently programmed to protect against all forms of brute force attacks.

If the User PIN is entered incorrectly 10 consecutive times, the User PIN will be deleted and the drive can only be accessed by entering the Admin PIN in order to reset the User PIN. (Admin can change this from the default 10 incorrect PIN entries, to 1-9, for the User only)

If the Admin PIN is entered incorrectly 10 consecutive times, all PINs and the encrypted encryption key will be lost forever.

1. LED lights
Red – standby state
Green – User mode
Blue – Admin mode
2. Polymer coated, wear resistant, alphanumeric keypad
3. Common Criteria EAL4+ ready secure microprocessor
4. Epoxy coating
5. Hard anodized and ruggedized extruded aluminium housing
6. Key button
7. SHIFT button
8. Zinc alloy (can be attached to keyring)
9. Rubber gasket

Making the module waterproof when sleeve is fitted

FIPS Level 3 compliant tamper proof & evident design

All critical components within the cloudAshur enclosure are covered by a layer of super tough epoxy resin, which is virtually impossible to remove without causing permanent damage to the critical components.

If breached, the cloudAshur modules tamper evident design will provide visible evidence that tampering has occurred.

User PIN enrolment

The Admin can set a restriction policy for the user PIN. This includes setting the minimum length of the PIN, as well as requiring the input of one or more ‘Special Character’ if needed.

The ‘Special Character’ functions as ‘SHIFT + digit’

One-time User recovery PIN

The Admin can program the cloudAshur with a one-time recovery PIN. This is extremely useful in situations where a User has forgotten the PIN to authenticate the cloudAshur.

This feature allows the User to enter the Recovery PIN and configure a new User PIN.

Whitelisting on networks

Configured with a unique VID/PID and internal/external serial number with barcode, allowing easy integration into standard end-point management software (white-listing), to meet internal corporate requirements.

cloudAshur KeyWriter

cloudAshur KeyWriter (patent pending) makes sharing of data in the cloud, via email and file transfer services (e.g. WeTransfer) between authorised users a breeze with ultimate security and peace of mind, allowing users to securely share data with one another, in real-time, regardless of their location.

Key features

cloudAshur KeyWriter copies all critical security parameters including the randomly generated encryption key and all PINs between the Master cloudAshur module and as many secondary cloudAshur modules as required using any off the shelf USB hub, allowing authorised users to securely share data with one another, in real-time, regardless of their location.

The critical security parameters never leave the cloudAshur module and are stored in the Common Criteria EAL4+ ready secure microprocessor.

The process of copying the encrypted encryption key and all critical credentials between the Master cloudAshur module and the Secondary cloudAshur modules is protected by a secure protocol incorporated within the iStorage cloudAshur secure microcontroller. The protocol is implemented using cryptographic algorithms, all of which are FIPS certified. Every cloudAshur has a unique certificate issued by a root of trust, which ensures that only iStorage cloudAshur modules can be used during the key exchange process.

The cloudAshur modules never output the established session key when running the secure protocol and the sensitive data being copied is only decrypted in the validated recipient cloudAshur module. The iStorage KeyWriter software running on the PC coordinates the operations required by the secure protocol, however the software has zero visibility of both the session key and decrypted data, making it impossible for a hacker to access or retrieve any critical security parameters stored within the cloudAshur module.

cloudAshur Remote Management

Gives you full control of all cloudAshur hardware security modules deployed within your organisation offering a wide range of features to manage all users.

Key features

iStorage Remote Management Console provides the Administrator full visibility and control over the following:

Temporarily disable or reset (remote kill) Users cloudAshur modules - in the event of suspicious activity or an employee leaving the organisation without returning their cloudAshur encryption module.

Restrict file types – control what file types are being uploaded and shared in the cloud (EXE, PNG, PDF, etc…) View User’s log files – full visibility over what each User is doing in the cloud, such as, what files they are uploading, downloading, modifying, etc…

Display User’s location – You can view the location of User’s cloudAshur modules via an on-screen map.

Geofencing and Time fencing - restrict the time and location of where and when the cloudAshur encryption module can be used by each individual User.

iStorage Remote Management Console is compatible with Windows (Vista/7/8/10).

The future of cloud data security

Available on pre-order

Pre Order


Now available for pre-order!

Get help

Any questions? Call a specialist or chat online.

+44 (0) 20 8991 6260

Chat now >

Technical specifications


Hardware Security Module (patent pending)


FIPS PUB 197 certified USB 3.0 encryption controller


3.7V Li-Polymer Rechargeable Battery


Dimensions - H/W/D

87.40mm / 19.40mm / 13.40mm


cloudAshur is compatible with both PCs and MACs and works with numerous cloud providers including Amazon Drive, Google Drive, OneDrive, Dropbox, iCloud and many more.

Hardware data encryption

Can be configured in two encryption modes AES-ECB 256-bit (FIPS Compliant) and AES-XTS 256-bit.


FIPS 140-2 Level 3, NLNCSA BSPA & NATO Restricted Level (Pending Q3/Q4)


Ordering information



3 years warranty with free lifetime technical support

iStorage cloudAshur is developed and manufactured by iStorage Ltd

iStorage datAshur Personal2 is developed and manufactured by iStorage Ltd. and is based on DataLock® technology licensed from ClevX, LLC. Patents Pending.


  • PIN authenticated, hardware encrypted, cloud encryption module (patents pending)
  • Five factor authentication
  • On-device Crypto-chip
  • Brute force hack defence mechanism
  • Compatible with Windows and macOS
  • Auto lock on removal
  • Two encryption modes – AES-XTS 256-bit & AES-ECB 256-bit
  • Uniquely incorporates Common Criteria EAL4+ ready secure microprocessor
  • FIPS Level 3 compliant tamper proof & evident design
  • Polymer coated, wear resistant on-board alphanumeric keypad
  • Immune to Bad USB
  • Whitelisting on networks
  • IP58 certified (dust & waterproof)
  • User PIN enrolment
  • Separate Admin and User modes
  • Self-destruct feature
  • Inactivity Auto-lock
  • One-time User recovery PIN
  • Customisation services available


Now available for pre-order!

Get help

Any questions? Call a specialist or chat online.

+44 (0) 20 8991 6260

Chat now >

Quantity / Customisation

You can customise more than one side
Please choose one of the following options
No Customisation
Bottom (sleeve) €5
Side 1 (sleeve) €5
Side 2 (sleeve) €5
Side 1 (drive) €5
Side 2 (drive) €5
Total: €119