Architect’s Guide: Data Security Using TCG Self-Encrypting Drive Technology

With increasing global regulations for data security and the increasing consequences of non-compliance from privacy protection and breach notification laws, enterprises must take the appropriate steps to protect the data entrusted to them by others as well as their own proprietary corporate information.

Self-encrypting drives (SEDs) provide protection for data in storage and meet compliance criteria established by government agencies in the United States and around the world. SEDs demonstrate compliance with expemptions from breach notification laws by providing encryption ‘safe harbor’ protection.

This architect’s guide focuses on the deployment of available SED products in the enterprise (both laptops and the data center), highlighting best practices for implementations in a variety of case studies.

Critical strategies for architects include:

1. Purchase all new laptops and enterprise data storage with SED drives
2. Retrofit high-risk legacy machines with SED drives
3. Restrict access to stored sensitive data to machines with SED drives in early rollout
4. When adding more drives to an array or more arrays to the data ceter, use SEDs to avoid concerns for balancing encryption workloads
5. Phase in SEDs into the data center
6. Avoid or minimize the need for data classification
7. Be aware of and accommodate other data security contexts, as required by statute or due diligence (e.g., transport – SSL/TLS)