A secure computing environment in which a computer automatically operates in a full-access data storage mode when it detects the presence of a secure removable storage device. In full-access mode all data written to removable storage device is encrypted with a cryptographic key and the user is given access to sensitive if authorized. Otherwise, the computer operates in a restricted-access mode in which the user is unable to write to the removable storage device and is unable to access sensitive data. The invention detects security information on the data storage device and generates a cryptographic key from the security information. The security information can be a function of the unique format characteristics of the underlying storage medium, a unique identifier retrieved from an electronic circuit embedded within the removable storage device or a serial number etched on the storage device during manufacturing. In addition, drive-specific information and even user-specific information can also be used to generate the cryptographic key, thereby creating a highly secure computing environment. When the computer operates in a full-access mode, all data written to the storage device is encrypted and the user is able access to sensitive data within the organization. When security information is not present on the removable storage device the computer automatically operates in a restricted-access mode in which the user does not have access to sensitive data and data cannot be written to the removable storage device.