Encryption is the age old approach to making data unreadable to anyone but the intended recipient. While originally created for military purpose, it has found commercial success not long after the war when companies and individuals needed to protect development work from competition – at least until it gets patented.

Encryption is used to protect data, whether it is in-transit or at rest. In 2007, the US government reported that up to 71% of companies surveyed use encryption for some of their data in transit.

Approaches to encryption vary by vendor. Some encrypt data as it travels between sender and receiver. Encryption for data at rest is also common, particularly as portable computing devices have become a normal business tool.

Hard drive vendors have been working to introduce encryption into drive itself. My first introduction to this was while attending a Fujitsu Expo in Tokyo. One of the displays was a Fujistu 2.5” hard drive (HDD) that uses a built-in encryption technology to protect data stored on the drive. .

Recently Seagate and Hitachi launched their implementations of encryption on their HDDs. Seagate uses what it calls Secure Self-Encrypting Drive (SED) option across its enterprise-class HDDs. Hitachi Global Storage Technology (GST) calls their technology “Bulk Data Encryption” or BDE.

Hitachi’s BDE technology is based around the Advanced Encryption Standard (AES 128) supported by the National Institute of Standards and Technology (NIST). Seagate uses that security protocol developed by the Trusted Computing Group, a non-profit industry body group focused on developing open standards.

The advantage of having data on the drive encrypted is evident whether it involves desktop computers or laptops. For desktops, if the company decides to upgrade their PCs, destroying the electronic content of the HDDs is important. Because of the potential to get stolen or lost, laptops need the disk encryption.

HDDs used in enterprise-class arrays have one characteristic unique to their class – they are purpose-built to continue operating 24×7. With the exception of COPAN’s implementation of MAID (Massive Array of Idle Disks), the HDDs’ on most arrays continue to spin throughout their lifecycle. They are only taken down when the array firmware indicates a soft or hard failure. In this instance, engineers often take out the faulty drive and sends over to the manufacturer for testing. But failed HDDs still contain the data.

According to Michael Willett, co-chair for the Trusted Computing Group Storage Work Group and Seagate Research, over 50,000 hard drives, thought to be extremely safe within the data center, are decommissioned and leave the data center daily. For returned drives with suspected problems, an IBM study indicates that 90 percent are still readable, allowing unauthorized personnel easy access to confidential data. Classifying the data on any decommissioned drive as secure without taking the proper security steps could lead to a data breach situation.

In the past vendors like EMC and Dell have clauses in their contracts that allow customers to keep faulty drives on their premises. This may no longer be necessary.

By having the encryption built-into the HDD hardware, data written on the disc platter remains encrypted and unreadable even if the HDD is repaired. Now if Mr. Chen had this on this laptop when he sent it for repair, the technician wouldn’t have been able to pry open the data even with a crowbar. That ladies and gentlemen is how you keep curious eyes from knowing your secrets.

For a listing of encryption software, click here.
Disclaimer: I don’t claim to know the software on the list. I suggest you walk with caution.

Advertisements