DOC RABE Media - Fotolia
Self-encrypting hard drives can reportedly solve data loss problems, but I've heard about many issues with them....
What potential threats do self-encrypting drives pose? Are there enterprise use cases for them?
Encrypting sensitive data is a key element of information security, as it ensures the confidentiality of corporate information. Most users, however, find encryption difficult to apply and enterprise administrators often struggle to enforce encryption policies across all their users' devices. Self-encrypting drives and devices are a potential solution to the difficulties that encryption can introduce as they provide transparent encryption of all data on the drive at all times. The data encryption and decryption operations occur on a dedicated crypto-processor that is part of the drive controller; this helps avoid the performance overhead of software-based encryption products that rely on the device's CPU. Drive retirement and redeployment are also easier as cryptographic erasure -- achieved by changing the media encryption key -- is instantaneous as opposed to a multipass data write, which can take hours for a large drive.
A self-encrypting drive's always-on encryption and general simplicity can help enterprises comply with government or industry regulations for data privacy and encryption; if a user's laptop is lost or stolen the contents of the drive cannot be read. However, a team of academics has found that several versions of self-encrypting drives made by Western Digital contain various security flaws that would allow an attacker with physical access to a drive to decrypt the data with very little effort, and in some instances without even knowing the decryption password. Researchers from KPMG Canada have also demonstrated three data recovery methods against laptops using self-decrypting drives that show the Opal and Microsoft's eDrive standards can't guarantee the security of data in situations where a laptop is in sleep mode and not turned off completely, as the power to the self-encrypting drive keeps it in an unlocked state.
Implementing encryption correctly will always be difficult, but the Western Digital products were vulnerable due to a variety of basic errors and poor implementation of the cryptographic processes. For example, in one instance the random numbers used to cryptographically protect the password that unlocks the drive were derived from the current time on the computer clock, making it possible to crack the password in a very short time. Some self-encrypting drives also had a default password stored on the device; until the user changed it at least twice, it could still be used to decrypt data on the drive.
These studies highlight the risk of using encryption products that have not been fully tested and scrutinized. Using them may look good during a compliance audit, but they may not be providing the protection that sensitive data at rest really needs. Hardware and software encryption products should provide documentation on how the encryption works and how it is implemented, and enterprises should not consider their use until they have passed some form of independent audit. This is why many experts recommend only using open source software encryption as it can be analyzed at length without relying on a vendor's assurances. Enterprises using self-encrypting hard drives or just encrypted hard drives should ensure users are aware that data is only encrypted once their devices are fully powered off, and they should not be left in sleep mode. These types of drives should also be covered by the patch management process, as there are likely to be more firmware updates than standard drives to keep cryptographic processes and functions patched and up to date.
Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)
Learn more about the Let's Encrypt open certificate authority
Find out how the Logjam vulnerability affects TLS encryption
Dig Deeper on Disk and file encryption tools
Related Q&A from Michael Cobb
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently... Continue Reading
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix ... Continue Reading