Seagate Technology is extending full disk encryption technology to all its enterprise-class hard drives and pushing for standards for hard drive encryption in storage systems.
The Scotts Valley, Calif.-based hard drive maker said it plans to roll out enterprise-class drives with full disk encryption in 2008. To reduce the complexities that could hinder adoption, the vendor said it is working to make standards a reality.
IBM and storage vendor LSI Corp. are working with Seagate to make key management, a process that can be complicated in heterogeneous environments, work well across different vendor product lines. Two standards bodies, the Trusted Computing Group (TCG) and the IEEE 1619.3, are establishing a security protocol for communicating with self-encrypting hard drives and creating a key management standard to ensure interoperability between the vendor products.
The announcement was made at Storage Networking World in Dallas, where Seagate is demonstrating enterprise-drive level full disk encryption.
The three vendors said encryption belongs on the disk and cited guidance from the National Security Agency identifying disk-level encryption as the most desirable solution.
The biggest challenge for Seagate will be getting customers to see hardware encryption as an important capability, said Eric Maiwald, a senior security analyst for Midvale, Utah-based Burton Group. Full disk encryption on laptops and encrypted backups are currently understood by most IT pros, but hardware encryption may be a stretch, Maiwald said.
"Drives that are resident in a storage array in the data center are not necessarily high on the radar screen at this point," he said. "The management aspects will also have to be taken care of, which means IBM will have to finish their work on the key management system."
Gianna DaGiau, Seagate's global product marketing manager, says disk-level encryption protects data at rest and doesn't result in poor system performance, since the encryption functions are done within each drive in the system. The system also scales when storage is added to the data center.
"Today very few end users encrypt any data in the data center for data at rest and when they do it's just a small portion of the data," DaGiau said. "Ultimately this solution will apply across the entire data center."
In March, Seagate released a 2.5-inch full disk encrypted hard drive for notebook PCs and also announced a desktop version.
Seagate customers are excited about the new technologies, but frank about some initial challenges. More education is needed before Seagate will likely see companies embrace its encryption vision, said Chris Cahalin, manager of network operations at Papa Gino's Inc. & D'Angelo Sandwich Shops. Cahalin has been slowly introducing notebooks containing Seagate's full disk encrypted hard drives to end users. Every desktop machine Papa Gino's has purchased since March 2005 is fitted with a trusted platform module (TPM), a chip installed on the motherboard that's used for hardware authentication.
"It's a big learning curve, but the benefits and possibilities are there," Cahalin said.
The encryption key also remains in the drive, reducing maintenance and the need to decrypt and re-encrypt data. Seagate said security is also improved since the disk drives are designed to power themselves down after a predefined number of authentication attempts. Access control credentials are also separated from the encryption key, the vendor said.
"Encryption is a tool in the security tool bag," Burton's Maiwald said. "Enterprises will need to understand where encryption can help manage risk and where it will not. Adding more tools can be a good step but we also need the customers to understand how to use them."