January 06, 2011, 11:36 AM — We've seen this coming over time: Based on the Trusted Computing Group's standard, hard drives and solid state drives (SSDs) are offering built-in self-encryption. The key difference with these next-generation encrypted drives is that the encryption is integrated into a single chip in the drive.
Securing data storage is especially important for small businesses because of legal specifications that require companies to report breaches and to maintain data for long periods of time for accountability purposes.
More than 45 states have data privacy laws with encryption safe harbors. In 2008, the average cost of notification regarding a data breach was $6.65 million per incident.
That adds up fast if a flash drive with company personnel and salary data is compromised, for example. At the Storage Visions 2011 conference here in Las Vegas, another stat thrown around that gives pause: Since 2005, over 345,124,400 records containing sensitive personal information have been involved in security breaches.
One of the advantages to the single-chip, no-software approach now in place: There's no performance degradation. It's also safer; the encryption keys are generated within the drive, so there are no keys to lose. The keys never leave the drive.
What is a self-encrypted hard drive? The drive itself protects the data, with either 128-bit or 256-bit AES keys that are stored in the drive itself.
"Technically, it's a self-protecting device," says Robert Thibadeau, senior vice president and chief scientist at Wave Systems, and a representative for the Trusted Computing Group, which oversees the technical specification for self-encrypting hard drives.
There's the media encryption key that encrypts the data, and the authentication key that is used to unlock the drive and decrypt the media encryption key. Without the authentication key, there is no media encryption key in the drive at all. You create the password, then the only way to get back onto the drive--and to the data that's on the drive--is with the password (or passwords) you set up.
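The two-key arrangement described above, as an added Python sketch that is not code from the article or from the Trusted Computing Group specification. The `ModelDrive` class, the use of PBKDF2 to turn the password into authentication key material, and XOR masking with an HMAC tag standing in for a real AES key wrap are all assumptions chosen so it runs on the standard library alone.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch


def _derive(password: str, salt: bytes):
    """Password -> authentication key material (masking pad, integrity key)."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class ModelDrive:
    """Toy model of the two-key design; every name here is hypothetical."""

    def __init__(self, password: str):
        # The media encryption key (MEK) is generated inside the drive and
        # is kept only in wrapped form while the drive is locked.
        self._salt = secrets.token_bytes(16)
        pad, mac_key = _derive(password, self._salt)
        self._wrapped = _xor(secrets.token_bytes(32), pad)
        self._tag = hmac.new(mac_key, self._wrapped, hashlib.sha256).digest()
        self._mek = None

    def unlock(self, password: str) -> bool:
        pad, mac_key = _derive(password, self._salt)
        expected = hmac.new(mac_key, self._wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self._tag):
            return False  # wrong password: the MEK stays unavailable
        self._mek = _xor(self._wrapped, pad)
        return True

    def lock(self) -> None:
        self._mek = None  # drop the plain MEK again

    def is_unlocked(self) -> bool:
        return self._mek is not None

    def at_rest(self) -> bytes:
        """What is persistently stored: salt, wrapped MEK, tag. No plain MEK."""
        return self._salt + self._wrapped + self._tag
```

The plain media encryption key exists only after a successful `unlock`; what `at_rest` returns cannot be turned back into it without the password.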