Why Self-Encrypting Drives (SED’s)? Part I

“Businesses should consider self-encrypting drives (SEDs) for new installations that hold significant volumes of sensitive data” – says Gartner.

According to the research, the average total cost of a data breach for the 383 companies participating in the research conducted by Ponemon Institute LLC was $4 million in the year 2016 (Courtesy: 2016 Cost of Data Breach Study: Global Analysis by Ponemon).  Also, the average cost paid for each lost or stolen record containing sensitive and confidential information increased from $154 in 2015 to $158 in this year’s study.

In other research. CIO Insight found that….

  • 82% of respondents say their company has reported at least one data breach.
  • 70% of respondents say that they believe self-encrypting drives would have “an enormous and positive impact” on safeguarding important company information.
  • 64% of respondents say set-up time for self-encrypted drive is faster than for traditional encryption solutions.

Why do so few businesses use SEDs?

Since SEDs are not shipped as standard, procurement departments in public and private sectors go with the most economic bundle, says Alessandro Moretti, the member of the (ISC)2 board of directors and a senior risk and security executive in financial services.

“If SEDs are more expensive than standard drives, then standard drives are shipped,” Moretti says.  The problem is that the buying decision is made around the cost of the bundle, as IT security professionals are not typically involved in the buying decision.  Also, because hard disk drive suppliers do not sell to IT security professionals or other users, but rather the OEM suppliers, there is no demand being created for SEDs.

One of the biggest challenges has been in raising the availability and awareness of the technology from the start.  While cost concerns have played an important role in making it more difficult for public and private organizations to procure SEDs as part of their data security arsenal, there are several other, less obvious reasons for the low-adoption level of SEDs.

What are Self Encrypted Drives?

An SED is a self-encrypting hard drive with a circuit built into the disk drive controller chip that encrypts all data to the magnetic media and decrypts all the data from the media automatically. All SEDs encrypt all the time, on the fly, performing just like any other hard drive, with the encryption being completely transparent or invisible to the user.

To protect the data from theft, the user provides a password. This password is used by the drive to encrypt or decrypt the media encryption key. In this way even the media encryption key cannot be known without knowing the password.  Very strong passwords are permitted by the Trusted Computing Group specification for SEDs of up to 32 bytes. With such a password, it is practically impossible for a would-be data thief to recover the media encryption key and access data on the hard drive.

Stay Tuned

In part II of the series, we will be discussing the interworking of SED’s and the challenges SED’s face in becoming mainstream.


Leave a Reply

Your email address will not be published. Required fields are marked *

thirteen + 6 =