background image

Overview

This paper discusses the challenge of securing data on hard 
drives that will inevitably leave the owner’s control. It introduces 
Self-Encrypting Drives (SED), which may be used in two ways: to 
provide instant secure erase (cryptographic erase or making the 
data no longer readable), and to enable auto-locking to secure 
active data if a drive is misplaced or stolen from a system while in 
use. Two appendices then follow: The first compares SEDs to other 
encryption technologies used to secure drive data. The second 
provides detailed analysis of instant secure erase and auto-lock 
SED technology, explaining how SEDs are used in servers, NAS and 
SAN arrays, virtualized environments, RAIDs, JBODs and discrete 
drives.

Introduction

When hard drives are retired and moved outside the physically 
protected data center into the hands of others, the data on those 
drives is put at significant risk. IT departments routinely retire drives 
for a variety of reasons, including:

  Returning drives for warranty, repair or expired lease agreements

  Removal and disposal of drives

  Repurposing drives for other storage duties

Nearly all drives eventually leave the data center and their owners’ 
control; Seagate estimates that 50,000 drives are retired from data 
centers daily. Corporate data resides on such drives, and when 
most leave the data center, the data they contain is still readable. 
Even data that has been striped across many drives in a RAID array 
is vulnerable to data theft, because just a typical single stripe in 
today’s high-capacity arrays is large enough to expose hundreds of 
names and social security numbers. 

Self-Encrypting Drives for 

Servers, NAS and SAN Arrays

Technology Paper

Summary of Contents for 10K.3 - Savvio 300 GB Hard Drive

Page 1: ... drives are retired and moved outside the physically protected data center into the hands of others the data on those drives is put at significant risk IT departments routinely retire drives for a variety of reasons including Returning drives for warranty repair or expired lease agreements Removal and disposal of drives Repurposing drives for other storage duties Nearly all drives eventually leave...

Page 2: ...reconciling the services as well as internal reports and auditing More troubling transporting a drive to the service puts the drive s data at risk Just one lost drive could cost a company millions of dollars in remedies for the breached data With these shortcomings in mind it s no surprise that an IBM study found that 90 percent of the drives returned to IBM were still readable The key lesson here...

Page 3: ...er the drive is powered down In other words the moment the SED is switched off or unplugged it automatically locks down the drive s data When the SED is then powered back on the SED requires authentication before being able to unlock its encryption key and read any data on the drive thus protecting against misplacement and insider or external theft The lifecycle of authentication keys can be manag...

Page 4: ...ver or storage subsystem controller or hard drive are all possibilities But where should this encryption take place Using Self Encrypting Drives merely for instant secure erase provides an extremely efficient and effective means to help securely retire a drive But using SEDs in auto lock mode provides even more advantages In short from the moment the drive or system is removed from the data center...

Page 5: ...the wire encryption to technologies designed for securing data in motion Several years ago before Seagate began working on drive encryption the United States National Security Agency NSA analyzed the problem of data security and determined that the best place to perform encryption is in the hard drive It s a well known security maxim that guards should be placed as close to the jewels as possible ...

Page 6: ... SEDs as well and it won t be long until all hard drives will be Self Encrypting Drives Standardization of Self Encrypting Drives promises lower acquisition costs as well The world s top six hard drive vendors collaborated to develop the final enterprise specification published by the Trusted Computing Group TCG This specification created to be the standard for developing and managing Self Encrypt...

Page 7: ...being written to the disk When a read is performed the encrypted data on the disk is decrypted before leaving the drive During normal operation an SED is completely transparent to the system appearing to be the same as a non encrypting drive The Self Encrypting Drive is constantly encrypting encryption cannot be accidentally turned off When the owner acquires the drive this embedded encryption key...

Page 8: ...r operates on z OS i5 OS AIX Linux HP UX Sun Solaris and Windows operating systems and is designed to be a shared resource which can be deployed in several locations within an enterprise to help ensure the application is highly available With its platform neutrality and its ability to take advantage of the existing security policies and high availability environment in an organization s most secur...

Page 9: ...authentication to become unlocked In an auto locking SED an encryption key and an authentication key work together to enable access to the data stored on the drive An auto locking SED which is configured to use authentication contains no secret that if discovered could reveal the encrypted data A simple description of the unlock process explains why this is true The unlock process is the part of t...

Page 10: ...he authentication process is successfully completed the drive is unlocked until the next time it is powered down Note that this authentication process only occurs when the drive is first powered on it does not repeat with each read and write operation 3 Clear encryption key encrypts and decrypts the data The clear text encryption key is then used to encrypt data to be written to the disk and to de...

Page 11: ... each approach thus care must be taken when choosing where to encrypt Data encryption options come in many forms including Host based software Encryption hardware appliances Encryption ASICs that reside on the adapter switch RAID controller or hard drive When evaluating how to protect and where to encrypt data at rest on the SAN NAS or the server s direct attached storage the best solution is to e...

Page 12: ...s are incorporated into hard drives they can be intermixed with older drives in storage systems that support encryption without making any changes specific to the new drives higher level of protection Key management is also becoming interoperable IBM LSI and Seagate will support the Key Management Interoperability Protocol submitted to OASIS for advancement through their open standards process Gov...

Page 13: ... vendors are already shipping SEDs today This promises an end to the risk of data breaches when hard drives leave their owner s control Performance at Full Drive Speed Less Need for Data Classification The Self Encrypting Drive has a dedicated engine for full interface speed encryption Utilizing hardware based encryption the SED s encryption engine resides in the controller ASIC Each drive port us...

Page 14: ... required as long as the switches and routers support IPSec data encryption Fibre Channel technology can only reach a distance of about 10km but IT managers need to share protect and move data much farther than that sometimes across geographic borders QLogic provides routers and switches that enable SAN traffic to move over IP linking SANs over WANs As a result self encrypting storage is expected ...

Page 15: ...should be provided by IPSec or FC over IP Encrypting data on the drive is best performed by the drive itself for all of the reasons provided by the above sections Additional Information Additional information about storage security can be found at the Trusted Computing Group www trustedcomputinggroup org and at the Storage Networking Industry Association SNIA Storage Security Industry Forum SSIF w...

Reviews: