Self-encrypting Drive (SED) solutions based on TCG specifications enable integrated encryption and access control within the protected hardware of the drive. Self-encrypting drives provide the industry's preferred solution for full disk encryption, protecting data when machines or drives are lost or stolen, as well as when drives are repurposed, returned for warranty repair, or reach end-of-life. TCG's open standards provide multivendor interoperability, allowing application vendors to provide management for multiple SED providers.
Self-Encrypting Drive Benefits:
- Proven standards for data confidentiality
- Hardware-based and optimized within the drive electronics
- Compliance with state, federal, and international breach notification legislation; enables an encryption-based 'safe-harbor'
- Minimized risk of data theft when compared to traditional drive disposal techniques
- Encryption hardware, integrated into the drive controller, allows the drive to operate at full data rate with no performance degradation
- Scalable solution - every drive contains an encryption engine
- Encryption always on and transparent to the user - major compliance requirement
- Keys for encryption are generated in the drive and never leave the drive
- User authentication is performed by the drive before it will unlock, independent of the operating system
- Encryption is transparent to both users and application software
- No impact on end-to-end processes, like compression, de-duplication, or data loss prevention
- No need for complex infrastructure to manage encryption keys
- Main processor cycles not used for encryption
- No modifications to the operating system, applications or tools
- Crypto-erase provides instant repurposing/decommissioning; drive is not destroyed
- By 2017, all hard drives will be SED capable (encryption integration into the controller); over 25 percent are SED enabled today
- By 2013, 80 percent of solid state drives, or SSDs, are SED capable; by 2014, penetration will near 100 percent
An InformationWeek and Trusted Computing Group Webcast, "Hardening Private Keys with Less Hassle, Less Cost and More Security: A Case Study in Authentication".
Answers to the Questions posed during TCG's Webcast on November 18, 2011, "Where is Your Data Tonight? A Lesson in Avoiding Headlines, Fines, or Worse"
Recently, experts who have been involved in developing some of the key Trusted Computing technologies spoke about the future of these technologies, why users should implement them, and general security issues. TCG has captured these short interviews.
"The real defense here is trusted boot, something Trusted Computing is supposed to enable...BitLocker...can prevent these sorts of attacks if the computer has a TPM module, version 1.2 or later, on the motherboard."
Steve Sprague, Wave Systems Corp., participates in a data security podcast.