Oct 15, 2007
Seagate this week is also demonstrating the performance and security capabilities of enterprise drive-level FDE at Storage Networking World. The demonstrations underscore the value that FDE technology brings to storage system administrators tasked with protecting against breaches of data that can occur in drives and systems that have been repurposed, decommissioned, disposed of, sent for repair, misplaced or stolen.
“Many organizations are considering drive-level security for its simplicity in securing sensitive data through the hardware lifecycle from initial setup, to upgrade transitions and disposal,” said Eric Ouellet, vice president, Secure Business Enablement, Gartner. “Drive disposal in particular has always been one of the most challenging elements of the data security lifecycle. Even with secure disposal processes in place, misplacement, mislabeling and theft still do occur which can result in significant losses, penalties and fines. Eliminating the risk of compromise from the source is one approach that can significantly reduce the complexity of managing sensitive data.”
Benefits of Drive Level FDE in the Enterprise
Many organizations, including storage vendors IBM and LSI, who have closely evaluated how encryption in the data center can best be done to guarantee performance, manageability, security and compatibility while minimizing complexity, have concluded that encryption belongs on the disk. Acting in its interests to secure U.S. Government data, the National Security Agency (NSA) has also identified this as a desirable solution.
“The need for enterprise administrators today to be sure that all corporate data is secure across the infrastructure is becoming an increasing priority,” said Barry Rudolph, vice president of Disk Storage Solutions, IBM. “Natively securing data at rest within the disk drives is the next step in the evolution of securing storage media that physically leave the secure confines of the datacenter, and we look forward to collaborating with Seagate and utilizing our industry leading key management and security solutions to enable drive level full disk encryption across the enterprise.”
“Data-at-rest encryption is an important topic in the industry,” said Abhi Talwalkar, president and CEO, LSI Corporation. “Although it can be implemented through many techniques, the preferred implementation method for external systems is through encryption at the HDD level. LSI is pleased to be working with other industry leaders and standards organizations to develop and deliver the most effective, standards-based encryption technology in the market.”
Drive-level FDE security provides a range of superior benefits for protecting an enterprise system’s data-at-rest when compared to current software and hardware encryption tools. Among them are:
Performance — Because the encryption engine is in the disk drive’s controller ASIC and matches the drive’s maximum port speed, encryption won’t slow a system down. And because it is in the drive itself, its performance automatically scales every time storage is added in the data center. With FDE at the drive level, performance problems are solved because the encryption functions are done automatically, at full interface speed, within each and every drive in the system.
Compatibility — Drive-level FDE technology is supported by the security protocol developed through the TCG, an organization with more than 50 participating member companies, including all hard drive manufacturers. Key management standards to ensure interoperability are being established via IEEE 1619.3. All major storage system providers are participating in IEEE 1619.3.
Manageability — The IT user does not need to escrow the encryption key to maintain data recoverability because the encryption key is in the drive. There is less of a need to decrypt and re-encrypt the data to maintain security, because the encryption key does not leave the drive. This frees the storage administrator from having to schedule and conduct this performance-throttling activity.
Security — This self-encrypting drive technology delivers a new standard of security for data-at-rest encryption. Cipher text is never exposed. There are no clear text secrets anywhere on the drive, and an attacker is assumed to have complete knowledge of the secrets’ design and location. The drive can self power down after a predefined number of authentication attempts. Access control credentials are separate from the encryption key. An attacker cannot alter the firmware – firmware downloads are protected. Seagate has put no back doors in the drive. In fact, the drive is locked and inaccessible to anyone without full authorization.
“The fact that the NSA has been such a strong supporter and active participant in the TCG’s efforts around standards for device-level FDE speaks volumes,” said Bill Watkins, Seagate CEO. “We’ve listened very carefully to their advice and requests, worked closely with others in the TCG organization, and we’re excited about the opportunity to deliver on this new technology collaborating with industry leaders such as IBM and LSI. It feels good to play a major role in solving a very real problem for IT end users for improved enterprise security.”
Seagate plans to deliver enterprise-class drives with FDE to customers in 2008. For more information about Seagate and its own family of security solutions, visit www.seagate.com/security.
Seagate is the worldwide leader in the design, manufacture and marketing of hard disc drives, providing products for a wide range of applications, including Enterprise, Desktop, Mobile Computing, Consumer Electronics and Branded Solutions. Seagate’s business model leverages technology leadership and world-class manufacturing to deliver industry-leading innovation and quality to its global customers, and to be the low cost producer in all markets in which it participates. The company is committed to providing award-winning products, customer support and reliability to meet the world’s growing demand for information storage. Seagate can be found around the globe and at www.seagate.com.
Seagate and Seagate Technology are registered trademarks of Seagate Technology LLC. The Wave logo is a trademark or registered trademark of Seagate Technology LLC or one of its affiliates. All other trademarks or registered trademarks are the property of their respective owners. One gigabyte (GB) is equal to one billion bytes when referring to hard drive capacity. Computer operating systems may use different standards of measurement and report lower capacity. In addition, some of the listed capacity is used for formatting and other functions, and thus, will not be available for data storage.