This article can also be found in the Premium Editorial Download "Information Security magazine: Security Readers' Choice Awards 2008."
Download it now to read this article plus other related content.
Cool new technologies that will make a difference
Momentus 5400 FDE.2 Hard Drives
Data has legs. As a result, in the wake of one spectacular incident after another, mobile device encryption products are drawing lots of interest.
While attention has been on software-based encryption, hardware encryption has arrived. Seagate earns Information Security editors' gold award as the top emerging technology. It was first out of the gate last spring, with its groundbreaking Momentus 5400 FDE.2 hard drives, shipping first on ASI Computer Technologies laptops, but now available on select Dell computers. Hardware-based encryption solves performance issues, and moving keys into hardware makes encryption easier to implement and manage. The drive leverages a hidden partition that stores crypto keys and Trusted Drive Manager applications from partner Wave Systems.
Beyond laptops, Seagate is working with partners IBM and LSI to bring enterprise-class encrypted drives into data centers later this year.
Drive-based encryption is one of two major hardware options. Intel is expected to launch its chip-based encryption, code named Danbury, sometime in 2008.
Even software-based encryption vendors agree hardware is the future, with their role focusing on key and other management services for Seagate, Intel and other hardware solutions.
[Silver] Application security is no longer an afterthought. Vulnerable apps are a prime--if not the prime--attack vector for getting to customer information, intellectual property and sensitive corporate data. Application development is complicated by outsourcing, which cuts costs and delivery time, but greatly increases risk.
Veracode's unique approach to application security as a service (SaaS) is tailor-made for the new development environment, which is why its SecurityReview services earned the silver award. Before the service solution, companies had two options. They could buy still-maturing application security analysis tools--a market validated when IBM and HP acquired Watchfire and SPI Dynamics respectively--or pay for very expensive consultant code/application review.
Veracode combines strong technology and an attractive model. It scours compiled code, analyzing binaries for vulnerabilities that can be exploited. This means companies can secure their applications without exposing source code to outsiders, a particular concern in an age of distributed, outsourced development. The SaaS approach is an attractive alternative to pricey consulting and allows customers to have applications, outsourced pieces of applications, or even applications they are considering buying analyzed for security flaws.
This was first published in April 2008