The world’s six biggest computer hard drive manufacturers have recently published the final specifications for a single, full disk encryption which will become standard across all hard disk drives, Solid state drives (SSD) and encryption key management applications. Once enabled, any disk using the specification will be locked and require a password before the computer even boots up.
The encryption will cover consumer laptops and desktop computers as well as enterprise class hard drives that are used in servers and disk storage arrays.
"This represents interoperability commitments from every disk drive maker on the planet," said Robert Thibadeau, chief technologist at Seagate Technology and chairman of the TCG. "We're protecting data at rest. When a USB drive is unplugged, or when a laptop is powered down, or when an administrator pulls a drive from a server, it can't be brought back up and read without first giving a cryptographically-strong password. If you don't have that, it's a brick. You can't even sell it on eBay."
By using a single, full disk encryption specification across the board all drive manufacturers can incorporate the security encryption into the firmware. This should enable that costs are kept to a minimum as well as increasing the efficiency of the security technology.
For enterprises rolling out this security across pc’s, laptops and servers means that there is less security needed when installing the PC’s which should mean less overhead for PC builders enabling them to pass the cost on to the end users. Also once the encryption is set at administrator level it cannot be turned off by the end user.
Whenever an operating system or application writes data to a self-encrypting drive, there is no bottleneck created by software, which would have to interrupt the I/O stream and convert the data "so there's no slowdown," Thibadeau said.
"Also, the encryption machinery uses no power. When it reads data from the drive, it displays it to the user in the clear. It's completely transparent to the user," he said.The list of manufacturers so far supporting this is Fujitsu, Hitachi GST, Seagate Technology (including Maxtor), Samsung, Toshiba, Western Digital, Wave Systems, LSI Corp, ULink Technology and IBM.
"In five years time, you can imagine any drive coming off the production line will be encrypted, and there will be virtually no cost for it," said Jon Oltsik, an analyst at Enterprise Strategy Group.
The added security measure is welcomed by TRC Data Recovery Services, as a much needed ratification for the various methods of FDE that exist at the moment.