Hardware-based encryption wades another step into the IT mainstream, with a new series of bigger and faster Seagate drives on Dell laptops and out-of-the-box integration with McAfee's endpoint encryption products.
"By having auto-encrypting drives, you don't have training issues and you don't have long implementations. All of that goes away."
- Chris Cahalin, Network Manager, Papa Gino's Holdings Corporation, Inc.
The McAfee role is particularly significant in that it is the first major full-disk encryption vendor to integrate tightly with the Seagate drives. Wave Systems Corp. and Secude partnered with Seagate Technology LLC to provide management features when the first drives debuted last year. Industry analysts and vendors generally agree that hardware-based encryption will supplant software encryption because it provides stronger security and better performance. However, the devil is in the details, and the hard part -- the very hard part -- has never been the encryption per se but management.
"The management piece is where McAfee steps in, managing encryption keys, security auditing, and additional layers of authentication, such as biometrics and smart cards," said Joni Clark, product marketing manager for Seagate's Personal Computer Business Unit.
Full-drive laptop encryption was something of a niche market not long ago -- too hard and too expensive. But growing concerns over high-profile information breaches with lost or stolen laptops (the number of laptops that disappear in taxis and at airports is mind-boggling) and regulations, including myriad state data breach notification laws and PCI DSS, are changing that rapidly.
"A lot of enterprises would be surprised how many places personal information actually exists," said Chris Cahalin, network manager at Dedham, Mass.-based Papa Gino's Holdings Corporation, Inc. "So, by having a strategy where data is always protected on the laptop, it's a big relief as an organization to be protected against the potential for data leakage."
Cahalin started phasing in Dell laptops with the Seagate encrypted drives as soon as they came out last year, leveraging the bundled Wave Systems software, which he was already using to leverage his laptops' built-in TPM chips for hardware-based authentication and file and folder encryption. He takes his laptop security very seriously, using fingerprint authentication as well. He was also an early Windows Vista adopter, eager to take advantage of its stronger security.
Seagate drives should help enterprise sales, analysts say. The original Momentus 5400 FDE drives are available in 80,120 and 160 GB models. The new drives offer 7200 RPM performance and 320 and 500 GB capacity. The 320's are available now, and the 500 GB drives will be available late this year or early next.
In addition to Latitude and Mobile Precision laptops, Dell is offering the Seagate drives in the OptiPLex 960 desktop for the first time.
McAfee's appeal lies largely in its popular e-Policy Orchestrator (ePO) console for managing all its endpoint security products. With McAfee's support for the Seagate drives, customers will be able to manage both hardware- and software-encrypted drives transparently. McAfee became a player in the full disk encryption market when it acquired Safeboot last year.
"Since the acquisition, McAfee has been migrating management functionality -- key management, workflow management, user management, authentication management -- to ePO from the Safeboot console, said Chris Parkerson, McAfee's group solutions marketing manager for data protection. "McAfee customers will have the ability to use Seagate hard drives out of the box."
The McAfee-Safeboot deal is part of a general market consolidation, as interest in full disk encryption intensifies. Check Point Software Technologies Ltd. acquired Pointsec last year and Sophos bought Utimaco Safeware Inc. last month. Remaining independent players include Credant Technologies Inc., PGP Corp., GuardianEdge Technologies Inc., WinMagic Inc. and Entrust Inc., among others.
We can expect continued adoption as hardware-based encryption becomes increasingly available. Full disk encryption is getting cheaper and easier to implement.
"There's a huge shift in the way security is implemented -- it's baked into hardware now," said Papa Gino's Cahalin. "You don't have to be an expert on all various software implementations. By having auto-encrypting drives, you don't have training issues, don't have long implementations. All of that goes away."