Seagate pushes hard drive encryption to the data center

By Robert Westervelt, News Editor 15 Oct 2007 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Seagate Technology is extending full disk encryption technology to all its enterprise-class hard drives and pushing for standards for hard drive encryption in storage systems.

The Scotts Valley, Calif.-based hard drive maker said it plans to roll out enterprise-class drives with full disk encryption in 2008 and to reduce the complexities that could hinder adoption, the vendor said it is working to make standards a reality.

Drives that are resident in a storage array in the data center are not necessarily high on the radar screen at this point. Eric Maiwald, senior security analyst, Burton Group

IBM, and storage vendor LSI Corp. are working with Seagate to make key management, a process that can be complicated in heterogeneous environments, work well across different vendor product lines. Two standards bodies, The Trusted Computing Group (TCG), and the IEEE 1619.3 are establishing a security protocol for communicating with self-encrypting hard drives and creating a key management standard to ensure interoperability between the vendor products.

The announcement was made at Storage Networking World.in Dallas, where Seagate is demonstrating enterprise-drive level full disk encryption.

The three vendors said encryption belongs on the disk and cite guidance from the National Security Agency identifying disk-level encryption as the most desirable solution.

The biggest challenge for Seagate will be getting customers to see hardware encryption as an important capability, said Eric Maiwald, a senior security analyst for Midvale, Utah-based Burton Group. Full disk encryption on laptops and encrypted backups are currently understood by most IT pros, but hardware encryption may be a stretch, Maiwald said.

Full disk encryption: Should full disk encryption be used to prevent data loss?  Federal government pushes full-disk encryption: Businesses need to follow the federal government's lead in reducing data breaches by holding employees responsible and examining full-disk encryption (FDE) products. Considerations for encryption and compliance: It's often thought that a wide-ranging encryption implementation can prevent data loss and satisfy compliance mandates.

"Drives that are resident in a storage array in the data center are not necessarily high on the radar screen at this point," he said. "The management aspects will also have to be taken care of which means IBM will have to finish their work on the key management system."

Gianna DaGiau, Seagate's global product marketing manager says disk-level encryption protects data at rest and doesn't result in poor system performance since the encryption functions are done within each drive in the system. The system also scales when storage is added to the data center.

"Today very few end users encrypt any data in the data center for data at rest and when they do it's just a small portion of the data," DaGiau said. "Ultimately this solution will apply across the entire data center," DaGiau said.

In March, Seagate released a 2.5-inch notebook PC full disk encrypted hard drive and it also announced a desktop version.

Seagate customers are excited about the new technologies, but frank about some initial challenges. More education is needed before Seagate will likely see companies embrace its encryption vision, said Chris Cahalin, manager of network operations at Papa Gino's Inc. & D'Angelo Sandwich Shops. Cahalin has been slowly introducing notebooks containing Seagate's full disk encrypted hard drives to end users. Every desktop machine Papa Gino's has purchased since March 2005 is fitted with a trusted platform module (TPM), a chip installed on the motherboard that's used for hardware authentication.

"It's a big learning curve, but the benefits and possibilities are there," Cahalin said.

The encryption key also remains in the drive reducing maintenance and the need to decrypt and re-encrypt data. Seagate said security is also improved since the disk drives are designed to self power down after a predefined number of authentication attempts. Access control credentials are also separated from the encryption key, the vendor said.

"Encryption is a tool in the security tool bag," Burton's Maiwald said. "Enterprises will need to understand where encryption can help manage risk and where it will not. Adding more tools can be a good step but we also need the customers to understand how to use them."

Tags: Disk Encryption and File Encryption,  Enterprise Data Governance,  Data Loss Prevention,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Disk Encryption and File Encryption Heartland CIO is critical of First Data's credit card tokenization plan Heartland CIO on end-to-end encryption, credit card tokenization Should developers create libraries of common cryptographic algorithms? What is an encryption collision? Heartland CIO on PCI, E3 project Visa probes tokens, encryption for PCI card data protection Voltage, RSA spar over tokenization, data protection Truth, lies and fiction about encryption What are new and commonly used public-key cryptography algorithms? What are the export limitations for AES data encryption? Enterprise Data Governance Creating an enterprise data protection framework Analyst DLP study finds maturity, ranks top DLP vendors Voltage, RSA spar over tokenization, data protection Twitter gets condemned by CISOs at Forrester forum PCI DSS compliance requirements: Ensuring data integrity Trustwave acquires data loss prevention vendor Vericept Data has become too distributed to secure, Forrester says Cloud-based security services should start private Compliance in the cloud How to write technology outsourcing contracts Data Loss Prevention Breach prevention: How to keep track of data and applications Trend Micro to address DLP after analyst report criticizes strategy How to secure USB ports on Windows machines DLP technology challenges security costs Defining DLP Analyst DLP study finds maturity, ranks top DLP vendors Data protection tips for corporate compliance leaders Trustwave acquires data loss prevention vendor Vericept Best Data Loss Prevention Products Are there still Google Desktop security problems?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Advanced Encryption Standard  (SearchSecurity.com) data key  (SearchSecurity.com) Encrypting File System  (SearchSecurity.com) encryption  (SearchSecurity.com) Escrowed Encryption Standard  (SearchSecurity.com) network encryption  (SearchSecurity.com) output feedback  (SearchSecurity.com) Quiz: Cryptography  (SearchSecurity.com) Rijndael  (SearchSecurity.com) Twofish  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary