Self-Encrypting Drives Based On New Trusted Computing Group Specifications Now Available
Date Published: March 9, 2009
PORTLAND, Ore., March 9, 2009 - Hard drive vendors have started shipping self-encrypting drives based on the Trusted Computing Group's specifications, the group noted today. Final specifications for
client drives, data center drives and interoperability of self-encrypting drives were published in late January of this year and are widely supported by PC, server, drive and applications providers.
Fujitsu has demonstrated drives based on TCG's Opal self-encrypting drive specification, which is focused on drives for PCs, while Hitachi GST offers these drives now. Seagate is now working with early
adopters IBM and LSI Corporation on data center storage devices supporting the TCG Enterprise self-encrypting drive specification.
Wave Systems Corporation currently provides solutions to set up and manage all available self-encrypting drives. WinMagic provides support and management applications for self-encrypting drives in
an enterprise environment for both Windows and Mac platforms. CryptoMill Technologies also has noted its support for the TCG specifications. McAfee will support the TCG Opal specification to provide a choice of encryption models and implementation options to its customers.
"TCG's new storage security specifications and resulting drives from the vendors that support them have been needed for some time and address a number of high-performance, interoperability, and
security concerns. This change represents a significant improvement for the storage industry and will benefit vendors as well as users who must protect their data," noted Rob Enderle, president and founder of Enderle Group.
The new specifications give vendors a blueprint for developing self-encrypting storage devices (e.g., hard drives) that lock down data automatically in less than a second and can be immediately and
completely erased in milliseconds. Self-encrypting drives can be easily deployed in the enterprise, because drives based on TCG specifications are easily managed, have reduced cost of deployment and
management, and are interoperable across PC platform types.
The TCG approach specifies encryption in the drive itself, rather than in other components of the PC. Putting cryptographic operations in the drive has a number of benefits. These benefits include the
ability to encrypt the entire drive contents immediately upon device manufacture, strong protection of the encryption keys combined with strict access control, and no loss of system performance. The contents of the self-encrypting drives are always encrypted, and the encryption keys are themselves encrypted and protected in hardware that cannot be observed by other parts of the system. AES and other cryptographic algorithms are supported in the specifications, and vendors can add further security features to their devices. Because encryption is handled in the drive, overall system performance is not affected, and the encryption is not subject to attacks targeting other components of the system.
Compared to encryption outside of the drive, self-encrypting drives do not interfere with system maintenance, compression, de-duplication, and end-to-end integrity metrics. In addition, the encryption key never leaves the drive, greatly simplifying key management. The enterprise benefits from these security features are reliable compliance, ease of deployment, and ease of management. Additionally, the repurposing of drives at either redeployment or end-of-life has a significantly lower cost than other options.
In the data center, encryption typically has been costly and time-consuming. This is mainly due to the demands on bandwidth. Self-encrypting drives perform encryption inside each drive, where it is
cheaper, safer, and more scalable to implement than encryption in the RAID controller.
Trusted Computing Group, an industry organization that enables computing security, has created a portfolio of specifications to enable more secure computing across the enterprise in PCs, servers,
networking gear, applications and other software, hard drives and embedded devices. More information and the organization's specifications and work groups are available at the Trusted Computing Group's website, www.trustedcomputinggroup.org.
Brands and trademarks are the property of their respective owners.