Hardware Isolation for Data Security-PlugMate. Any Alternatives?

I work in finance, and most of my day revolves around handling clients’ private financial data. If this kind of information ever leaks, the impact goes far beyond one individual — it directly affects client trust and can create serious compliance issues for the company. Because of that, I’ve constantly been exploring different ways to store and manage sensitive data more securely.
Over the years, I’ve used quite a few encrypted USB drives — hardware AES encryption, fingerprint unlock, dual authentication. From a pure storage-security standpoint, they do their job well. But there’s always one unavoidable issue: at some point, you still have to copy the files onto a computer to edit, search, or process them.
And that’s where the real risk starts — once the data lands on a machine. As you open files on the computer, the system may generate cache files, temp files, or logs. Even if you try to clean everything afterward, there’s always concerns that one day you might forget to completely remove those traces.
Recently, I came across a product called PlugMate and decided to try it out. It’s not just a regular USB drive — it’s actually a standalone device that runs its own operating system. That means storage and processing both happen inside the device itself. The data never leaves the device, so nothing gets written to the host computer. No local copies, no leftover traces.
It actually reminds me of Windows To Go back in the day — although Microsoft no longer supports it. From what I’ve seen so far, hardware-level isolation seems like one of the most practical ways to reduce this kind of risk.
Curious to hear from others in similar roles — what are you using to avoid leaving data traces on host machines?