Published: 01 Jul 2007
Encryption software vendors can expect a challenge from the hardware front.
Laptop encryption hasn't exactly taken the business world by storm, but that's starting to change. Performance issues and management headaches notwithstanding, the specter of one of those many lost or stolen laptops triggering the next VA debacle may be enough incentive for companies to take the plunge.
Until now, the laptop encryption market has belonged to software vendors, such as SafeBoot, Utimaco Safeware, Credant Technologies, Pointsec Mobile Technologies (recently acquired by Check Point Software Technologies) and PGP, but that's changed with the release of Seagate Technology's Momentus 5400 FDE.2 full disk encryption hard drive. Seagate is the first hard drive manufacturer to release an encrypted drive; Hitachi has said it will also get into this market.
Seagate is betting companies will embrace hardware-based encryption because of cost, performance and easier management. It estimates that its hardware encryption will save about $300 per laptop over software encryption, with a significant performance gain, as encryption/decryption doesn't chew up CPU cycles.
The drive leverages a hidden partition that stores crypto keys and Trusted Drive Manager applications from partner Wave Systems.
"Overall security is strong," says Lark Allen, Wave Systems' executive VP for corporate development. "The keys never leave; access control is always performed in the drive." Preboot authentication prevents keystroke loggers, rootkits and the like from executing.
"The military is excited, because if the laptop falls in the wrong hands, they can't see the hidden partition," says Joni Clark, Seagate notebook product marketing manager. In addition to the Trusted Drive Manager applications, admins can use the hidden partition to run other sensitive apps. For example, antivirus launched from the partition couldn't be tampered with.
Laptop maker ASI Computer Technologies has taken the first Momentus/Wave-based laptop to market, the C8015.
Trusted Drive Manager also features drive pairing, which locks the drive to the host laptop, and "Secure Erase," which allows an admin to effectively erase data for drive reuse or disposal. It also integrates with strong authentication (biometrics, smart cards, etc.).
While Seagate claims there is strong interest in the drives and expects to seal additional OEM deals, this doesn't mean all laptop vendors will take this route. HP, for example, has a deal to include SafeBoot encryption on all its laptops.
Further, other feature sets and capabilities, such as removable storage encryption and control, and application control, may still steer customers to software options, especially if laptop vendors start making them available at an attractive price.