The Benefits of “Self Encrypting Hard Drives”
It’s been a difficult time for companies in the area of information security. From hacktivism to government snooping, the integrity of personally identifying information seems cracked and the methods touted to protect it tragically flawed. A recent survey by the Electronic Frontier Foundation of several major CSPs (cloud security providers) found that the majority failed to implement strong data encryption measures. Given the extensive dependence many companies have on CSPs to provide data security encryption, and the nebulous nature of accountability in the event of a data breach in the cloud, a more prudent solution for companies would be to encrypt their data before it enters the cloud.
Threats to data in the cloud are only part of the problem of ensuring data security. Widespread BYOD (bring your own device), coupled with a woeful lack of data security policy across organizations, is a significant contributor to data breaches. According to Cisco’s 2013 report on BYOD, the majority of respondents (59 percent) who use smartphones to access personal health information (PHI) said the devices were not password protected. Furthermore, 53 percent accessed unsecured or foreign Wi-Fi networks, and 48 percent couldn’t say for certain if they disabled “discovery mode” on their Bluetooth devices and smartphones (making them extremely vulnerable to cyber-attack). The overriding theme of this and other studies is that data breaches are increasingly due to employees failing to encrypt data stored on portable devices.
In a recent www.computerweekly.com article on the benefits of SEDs (self-encrypting devices), Robert Thibadeau of Seagate talked about the advantages of using SEDs to protect sensitive data. Specifically, SEDs are a highly effective means of securing data, because of how they work versus traditional encryption or firewalls.
Unlike the stacking Russian dolls, which can each be accessed if you can open the first one, SEDs are like a series of constantly changing locks and keys. SEDs continuously scramble data using a Media Encryption Key (MEK) and a Key Encryption Key (KEK). Several distinctions should be noted: 1) the KEK is never stored in plaintext inside the drive, 2) the contents on a SED are always encrypted and the encryption keys are themselves encrypted, 3) these keys are kept in hardware (the drive controller versus the computer’s processor or memory) and cannot be accessed by other parts of the system, 4) this prevents them from being accessed, should the network, OS, or server be attacked.
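The MEK/KEK arrangement described above can be modelled in a few lines. This is an added example, not code from the article or from any drive vendor: `ToyDrive`, the PBKDF2-derived KEK, and the HMAC-based toy cipher (a stand-in for the drive's hardware cipher) are all assumptions made for illustration.

```python
import hashlib, hmac, os

def derive_kek(password: bytes, salt: bytes) -> bytes:
    # Assumption: the KEK is recomputed from the unlock credential, never stored.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy HMAC-SHA256 counter-mode keystream: a stand-in for the drive's hardware cipher.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered blob")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

class ToyDrive:
    """Models the drive controller: only the wrapped MEK and ciphertext persist."""
    def __init__(self, password: bytes):
        self.salt = os.urandom(16)
        self.wrapped_mek = seal(derive_kek(password, self.salt), os.urandom(32))
        self.media = b""

    def _mek(self, password: bytes) -> bytes:
        return unseal(derive_kek(password, self.salt), self.wrapped_mek)

    def write(self, password: bytes, data: bytes) -> None:
        self.media = seal(self._mek(password), data)

    def read(self, password: bytes) -> bytes:
        return unseal(self._mek(password), self.media)

    def change_password(self, old: bytes, new: bytes) -> None:
        mek = self._mek(old)                      # unwrap with the old KEK
        self.salt = os.urandom(16)
        self.wrapped_mek = seal(derive_kek(new, self.salt), mek)  # re-wrap only
```

Changing the credential rewrites only the small wrapped-MEK blob; the stored ciphertext is untouched, which is why the two-key split makes credential changes cheap on a full drive.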
Given the benefits of using SEDs, one wonders why they are not more common with all the security threats in today’s world. According to Thibadeau, it comes down to information or the lack of it. Because many SEDs are not shipped as standard security bundles and/or have a nominally higher price-point, procurement departments (which often exclude IT) go with the most economical bundle. Perhaps as data security breaches continue to make headlines, procurement departments will shift their view to the long-term benefits of SEDs for greater data security. There are many options to go with when choosing SEDs, and each option has its pros and cons (Source: http://www.winmagic.com/products/enterprise-server-encryption/self-encrypting-hard-drives).
About the author:
Daniel Gail is an avid tech geek with experience in writing for a number of blogs across the web. Prior to becoming a professional writer, Daniel worked in I.T. across a number of industries, including banking, marketing and software. For more updates on his life and work, follow him on Google+.