Self-Encrypting Drives for
Servers, NAS and SAN Arrays
Scenario Three
When IP extends the SAN over the Internet
or dedicated lines, IPSec security is used on
these remote links to protect valuable in-motion
data over long distances and to support data
replication, SAN data device sharing and ensure
backup and business continuity. Secure Sockets
Layer (SSL) sessions are used for the WAN links
(with ephemeral keys) to help ensure that the link
remains secure and that keys are not exposed for
long periods of time.
Regardless of whether there is physical security
protection for the fabric, there is still the need to
secure the hard drive’s data once the drive leaves
the owner’s control. Instead of using the session
security techniques described above, it may seem
that encrypting in the fabric to secure the data
on the hard drive is a good long-term solution:
the data is encrypted not only on the hard drive,
but also as it travels through the fabric. But this
approach has a fundamental flaw: Rather than
increasing security, it actually decreases security
and increases complexity by exposing encryption
keys that are long-lived keys, while exposing large
amounts of cipher text that were all encrypted
with only a single encryption key.
If encryption is needed for data in motion, it
should be provided by IPSec or FC over IP.
Encrypting data on the drive is best performed by
the drive itself, for all of the reasons provided by
the above sections.
Additional Information
Additional information about storage security
can be found at the Trusted Computing Group:
www.trustedcomputinggroup.org
and at the Storage Networking Industry
Association (SNIA) Storage Security Industry
Forum (SSIF):
www.snia.org/forums/ssif/
knowledge_center
Self-Encrypting Drive whitepapers, webcasts
and a performance demo video can be found at:
www.SEDSecuritySolutions.com
.
AMERICAS
Seagate Technology LLC 920 Disc Drive, Scotts Valley, California 95066, United States, 831-438-6550
ASIA/PACIFIC
Seagate Technology International Ltd. 7000 Ang Mo Kio Avenue 5, Singapore 569877, 65-6485-3888
EUROPE, MIDDLE EAST AND AFRICA
Seagate Technology SAS 130–136, rue de Silly, 92773, Boulogne-Billancourt Cedex, France 33 1-4186 10 00
Copyright © 2009 Seagate Technology LLC. All rights reserved. Printed in USA. Seagate, Seagate Technology and the Wave logo are registered trademarks of Seagate Technology LLC in the United States and/or other countries.
Momentus is either a trademarks or registered trademark of Seagate Technology LLC or one of its affiliated companies in the United States and/or other countries. All other trademarks or registered trademarks are the property of their
respective owners. Seagate reserves the right to change, without notice, product offerings or specifications. TP600.1-0903US, March 2009
