Securing data at rest: Self Encrypting Disks (SEDs)

Here is a link to a recent guest post that I was invited to do over at The Virtualization Practice (TVP) pertaining to Self Encrypting Disk (SEDs).

Based on the trusted computing group (TCG) DriveTrust and OPAL disk drive security models, SEDs offload encryption to the disk drive while complimenting other encryption security solutions to protect against theft or lost storage devices. There is another benefit however for SEDs which is simplifying the process of decommissioning a storage device safely and quickly.

If you are not familiar with them, SEDs perform encryption within the hard disk drive (HDD) itself using the onboard processor and resident firmware. Since SEDs only protect data at rest, other forms of encryption should be combined to protect data in flight or on the move.

There is also another benefit of SEDs in that for those of you concerned about how to digital destroy, shred or erase large capacity disks in the future, you may have a new option. While intended for protecting data, a byproduct is that when a SED is removed from the system or server or controller that it has established an affinity with, its contents are effectively useless until reattached. If the encryption key for a SED is changed, then the data is instantly rendered useless, or at least for most environments.

Learn more about SEDs here and via the following links:

• Self-Encrypting Drives for IBM System x
• Trusted Computing Group OPAL Summary
• Storage Performance Council (SPC) SED and Non SED benchmarks
• Seagate SED information
• Trusted Computing Group SED information

Ok, nuff said.

Cheers gs

Greg Schulz – Author Cloud and Virtual Data Storage Networking (CRC Press), The Green and Virtual Data Center (CRC Press) and Resilient Storage Networks (Elsevier)
twitter @storageio

All Comments, (C) and (TM) belong to their owners/posters, Other content (C) Copyright 2006-2024 Server StorageIO and UnlimitedIO LLC All Rights Reserved