September 2009


Encryption is the age old approach to making data unreadable to anyone but the intended recipient. While originally created for military purpose, it has found commercial success not long after the war when companies and individuals needed to protect development work from competition – at least until it gets patented.

Encryption is used to protect data, whether it is in-transit or at rest. In 2007, the US government reported that up to 71% of companies surveyed use encryption for some of their data in transit.

Approaches to encryption vary by vendor. Some encrypt data as it travels between sender and receiver. Encryption for data at rest is also common, particularly as portable computing devices have become a normal business tool.

Hard drive vendors have been working to introduce encryption into drive itself. My first introduction to this was while attending a Fujitsu Expo in Tokyo. One of the displays was a Fujistu 2.5” hard drive (HDD) that uses a built-in encryption technology to protect data stored on the drive. .

Recently Seagate and Hitachi launched their implementations of encryption on their HDDs. Seagate uses what it calls Secure Self-Encrypting Drive (SED) option across its enterprise-class HDDs. Hitachi Global Storage Technology (GST) calls their technology “Bulk Data Encryption” or BDE.

Hitachi’s BDE technology is based around the Advanced Encryption Standard (AES 128) supported by the National Institute of Standards and Technology (NIST). Seagate uses that security protocol developed by the Trusted Computing Group, a non-profit industry body group focused on developing open standards.

The advantage of having data on the drive encrypted is evident whether it involves desktop computers or laptops. For desktops, if the company decides to upgrade their PCs, destroying the electronic content of the HDDs is important. Because of the potential to get stolen or lost, laptops need the disk encryption.

HDDs used in enterprise-class arrays have one characteristic unique to their class – they are purpose-built to continue operating 24×7. With the exception of COPAN’s implementation of MAID (Massive Array of Idle Disks), the HDDs’ on most arrays continue to spin throughout their lifecycle. They are only taken down when the array firmware indicates a soft or hard failure. In this instance, engineers often take out the faulty drive and sends over to the manufacturer for testing. But failed HDDs still contain the data.

According to Michael Willett, co-chair for the Trusted Computing Group Storage Work Group and Seagate Research, over 50,000 hard drives, thought to be extremely safe within the data center, are decommissioned and leave the data center daily. For returned drives with suspected problems, an IBM study indicates that 90 percent are still readable, allowing unauthorized personnel easy access to confidential data. Classifying the data on any decommissioned drive as secure without taking the proper security steps could lead to a data breach situation.

In the past vendors like EMC and Dell have clauses in their contracts that allow customers to keep faulty drives on their premises. This may no longer be necessary.

By having the encryption built-into the HDD hardware, data written on the disc platter remains encrypted and unreadable even if the HDD is repaired. Now if Mr. Chen had this on this laptop when he sent it for repair, the technician wouldn’t have been able to pry open the data even with a crowbar. That ladies and gentlemen is how you keep curious eyes from knowing your secrets.

For a listing of encryption software, click here.
Disclaimer: I don’t claim to know the software on the list. I suggest you walk with caution.

Advertisements

I was doing my routine scout for news articles for eGOVasia when I happen to notice that when you type http://www.eds.com you will be redirected to h10134.www1.hp.com or HP Enterprise Services.

I’m not sure if you noticed it but HP did acquire EDS in 2008 for US$13.4B – that’s a lot of dough for a business (eds) that has had its day in the sun years ago. At the height of its fame, EDS was a force to reckon with when it came to government IT contracts, particularly outsourcing and massive integration projects. But lately the company has had a string of misfortunes. One of the most infamous one was with the US Navy.

HP is pinning its hopes on IT services as a business that would keep revenue and margins up particularly as other areas like PC hardware suffer from the relentless march of commoditization. Afterall, if IBM can do it, HP can just as well.

Dell is trying to do the same with the recent acquisition of Perot Systems. Perot Systems and EDS have something in common – they were both founded by Ross Perot – two time US presidential hopeful. According to a Bloomberg interview, Dell and Perot started talking about the potential of a combined organizations as early as 2007.

It would be interesting to know what Mr. Perot will do next after Perot Systems. He is still young (78). My mom is 81 and she still travels between the US, Canada, Hong Kong and the Philippines to see her children and grand children.

Ok, so I swiped that off from the original “water, water everywhere but not a drop to drink” Samuel Taylor Coleridge poem “The Rhyme of the Ancient Mariner” in which sailors on board a ship where without water to drink despite the fact they were surrounded by a sea of water.

In the same token, companies have successfully figured out how to capture as much data as they could ever need. The problem is interpreting the data to mean something.

One industry that is trying to cope with this issue is the “legal” industry where until recently the fight in the ediscovery solution suite was pretty much among small niche layers.

As many should know by now storage gargantuan EMC took a bite of the ediscovery market with the acquisition of Kazeon. EMC said the acquisition gives it an “end-to-end, in-house d-discovery and litigation readiness solution”.

This is bad news for Kazeon competitors, Iron Mountain, Autonomy, Clearwell Systems and StoredIQ. The latter because it is an OEM partner to EMC.

The two competitor that just might have to start shopping for an OEM partner in this space is NetApp, which partnered with Kazeon in October 2005.

Is there a pattern here?

Dell has been down in the dumps lately following lackluster performance. The once envy of the personal computing industry for its once avantgarde supply chain innovation has been on the prowl for acquisitions to get it back on track. But even Michael Dell’s return to the hot seat hasn’t boosted the company’s revenue – not that it should. At the end of the day, its all about technology, innovation, execution, and value.

HP has discovered that you don’t have to go direct in the low-margin, high volume PC business to gain market share. IBM took the easier way out of the PC business by selling the business to China’s Lenovo.

Dell has gone wide to get back its lustre. But its foray outside the enterprise array has probably confused its customer base of enterprises.

Speculation has been rife that Dell has been on the acquisition prowl to get out of the dumps. This morning, the Wall Street Journal reported that Michael Dell has inked a deal to acquire Perot Systems for US$3.9 billion.

Perot Systems focuses primarily in the healthcare and government sectors. What you’d think (and probably Dell hopes) is that the infusion of a services organization would allow Dell to enter every major industry that are the traditional stumping groups for HP and IBM.

Servics currently accounts for only 10% of Dell’s busines. Post Perot acquisition deal, Dell will suddenly gain 23,000 people in off-shore services capability – mostly out of India.

Forrester Research VP Pascal Matzke was quoted on CIO Today as indicating that the success of the deal for Dell will boil down to how well Dell is able to integrate the two different cultures.

Nokia announced its entry into the burgeoning netbook market with its very own version of what it thinks consumers will want to buy – the Booklet 3G.

The Nokia Booklet 3G is your ordinary netbook with built-in GPS. But is the additional of GPS and Nokia mobile services sufficient to warrant the US$819 price tag? In my opinion, NO!

The netbook’s chief value proposition is price, followed by portability and connectivity (in that order). Nokia product engineers and marketers must have thought that the other way around also works.

At the recently concluded Hong Kong computer festival, you can buy an entry level netbook with almost everything you need to run, including Windows XP, at a starting price of US$192. And you don’t need to buy a wireless service just to avail of a telco’s usual subsidy for handsets – something that is losing its marketing appeal in Hong Kong, where more handsets are bought without any service contract.

In 2008, Nokia advertised the N9x series as a computer. In fact by end of 2008, it was rumored that the N97 was Nokia’s answer to the netbook craze. Now, we know those rumor mongers were dreaming.

And today with Nokia’s Booklet 3G announcement, you can tell Nokia is still dreaming!