www.snia-europe.org
SNIA Europe
Solid Security: The Rise of Self Encrypting Solid State Drives
By Tom Coughlin, Marketing Chair, SNIA Solid State Storage Initiative, Coughlin Associates
Protecting user data is important in storage devices. Users are encouraged to back up their data to make sure that it isn’t accidentally lost if a storage device crashes or data is inadvertently overwritten. Likewise, if valuable information is on a storage device, it makes sense to make sure that the data isn’t accessible by unauthorized individuals or organizations. Protecting user data from being stolen or accessed leads to the use of encryption in storage devices.
Self Encrypting Drives
Data on a storage device can be encrypted using encryption algorithms built into the storage device (hardware encryption) or running on the host system containing the storage device (software encryption). Hardware encryption runs entirely on the digital storage device, and the encryption key never leaves the storage device. A device that runs this sort of hardware encryption is called a self encrypting drive (SED).
Because the data on the SSD is encrypted and the key is held within the device, erasing the encryption key makes the data unavailable to others, an operation known as a crypto-erase.
Software encryption runs on the host processor rather than the storage device. This has implications for performance, both because of the additional processor overhead needed to encrypt and decrypt data and because of the time it takes to encrypt a storage device initially. Software encryption performance penalties as high as 20-40% have been reported by OEMs and storage device suppliers.
SEDs were initially championed by US government organizations, such as the NSA, and government regulations say that any US government IT equipment must meet NIST FIPS 140 certification, including storage devices and systems. That is why the largest percentage of SED sales up through 2010 was to the US government and US government contractors that are subject to rules requiring them to use FIPS 140 certified devices and systems. Similar requirements exist in other countries.
The second largest driver for SEDs to date is regulatory compliance. A SED that is lost or stolen without the password to access the SED encryption key is considered secure. Thus companies experiencing this loss don’t need to report a data breach and bear all the additional costs and bad public relations that such announcements create. Thus, laws such as Sarbanes-Oxley (in the US) have helped drive the use of SEDs, particularly for corporate legal and financial data. However, use outside of these applications has not been as widespread.
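The key handling described above (a password gates access to a key that never leaves the drive, and destroying that key is a crypto-erase), as an added example that is not from the article or from any drive vendor. `ModelSED` and its methods are hypothetical names, and an HMAC-SHA256 keystream with an XOR key wrap stands in for the AES hardware and key wrapping of a real SED.

```python
import hashlib, hmac, os

SECTOR = 512  # bytes per logical block in this model

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ModelSED:
    """Constructed model of a self-encrypting drive, not a real device API."""
    def __init__(self, password: bytes):
        self._flash = {}                      # lba -> ciphertext; plaintext is never stored
        self._provision(password)

    def _tag(self, kek: bytes) -> bytes:      # lets unlock() reject a wrong password
        return hmac.new(kek, self._wrapped, hashlib.sha256).digest()

    def _provision(self, password: bytes) -> None:
        self._salt = os.urandom(16)
        kek = hashlib.pbkdf2_hmac("sha256", password, self._salt, 100_000)
        self._mek = os.urandom(32)            # media key, generated inside the device
        self._wrapped = _xor(self._mek, kek)  # persisted only in wrapped form
        self._check = self._tag(kek)

    def _keystream(self, lba: int) -> bytes:
        if self._mek is None:
            raise PermissionError("drive is locked")
        # Stand-in for the AES engine: HMAC-SHA256 in counter mode, bound to the LBA.
        return b"".join(hmac.new(self._mek, lba.to_bytes(8, "big") + bytes([i]),
                                 hashlib.sha256).digest() for i in range(SECTOR // 32))

    def lock(self) -> None:                   # power-off: key leaves controller RAM
        self._mek = None

    def unlock(self, password: bytes) -> bool:
        kek = hashlib.pbkdf2_hmac("sha256", password, self._salt, 100_000)
        if not hmac.compare_digest(self._check, self._tag(kek)):
            return False
        self._mek = _xor(self._wrapped, kek)
        return True

    def write(self, lba: int, data: bytes) -> None:
        self._flash[lba] = _xor(data.ljust(SECTOR, b"\0"), self._keystream(lba))
    def read(self, lba: int) -> bytes:
        return _xor(self._flash[lba], self._keystream(lba))
    def raw(self, lba: int) -> bytes:         # what reading the media directly yields
        return self._flash[lba]

    def crypto_erase(self, new_password: bytes) -> None:
        self._provision(new_password)         # old key overwritten; old ciphertext stays
```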
October/November 2011 | www.snseurope.info | SSD3