Those of us concerned with data privacy and data security are all too aware that data breaches are continuing at an alarming rate. Several websites are devoted to tracking data breach activity, and industry analysts and security consulting firms continue to weigh in on the business risks, financial impacts and best practices associated with securing sensitive or private data.
While network hacking and insider leaks draw a lot of press attention, the theft or loss of laptops and other computers with embedded disk drives remains a larger data breach threat than hacker attacks (according to the Open Security Foundation database as of May 2011). Because the data at risk in these cases is data "at rest" on a storage device, the security of storage devices themselves is an increasing area of focus for device vendors, IT pros, and security professionals.
There are new reasons to be hopeful that storage device security is improving and may soon have a profound impact on data security in general. A Ponemon Institute study commissioned by the Trusted Computing Group in March 2011 provides some interesting insights into customer perceptions of an important emerging data security technology - self-encrypting drives (SEDs). Respondents indicated that their concerns about encryption methods often included loss of performance, ease of deployment, compatibility, manageability and standardization. SEDs are gaining fans because they address many of these concerns better than traditional encryption methods.
Using SEDs improves performance because encryption is done in the disk drive hardware instead of in host system software, which would consume host CPU cycles and memory. Because encryption is done in hardware, deployment is much easier - there is no lengthy initial re-encryption pass - and disk contents are encrypted in real time (at full disk I/O speeds) as IT loads the company software image onto the hard drive. Anecdotally, my own discussions with IT PC techs suggest this is a major benefit that positively impacts both job satisfaction and the service levels delivered to IT customers.
Another advantage of SEDs is compatibility. Since encryption happens inside the drive hardware, the encryption capability is independent of the operating system and of any applications in use. This is the direct opposite of software encryption applications, which must be designed for specific operating systems and file systems. In addition, software encryption applications insert themselves into the disk I/O stack, where they can conflict with other utilities such as virus checkers and backup applications, as well as degrade system performance.
But let’s not forget that most security conscious organizations have already deployed software encryption and integrated a centralized security management application to ensure security policies are enforced - a large investment that one can’t simply "rip and replace." Well, not to worry because the same encryption and security management ISVs used by many of the world’s best-known companies now support and manage SEDs. With broad ISV support, SEDs can easily be added as PC hardware is upgraded, giving IT staff the ability to improve PC performance and ease of deployment while maintaining a seamless management environment alongside existing software encryption systems.
The views expressed on this post are my own and do not necessarily reflect the views of TAIS or Toshiba.
Disclaimer
The views and opinions expressed in this blog are those of the author(s) and do not necessarily reflect those of Toshiba America Electronic Components, Inc.