A new hardware-based encryption technology from Seagate Technology could become standard in a few years as a way to combat data theft from stolen or lost laptops.
Dubbed DriveTrust Technology, encryption is integrated directly into the drive itself. Most other encryption technologies reside in a separate application or as part of the operating system.
The technology had been available for the DV35 series hard drives Seagate makes for digital recorders, but not in a PC-based system. The first Seagate laptop hard drive to feature the technology will be the Momentus 5400 FDE.2.
“This will be the first time anyone’s ever baked an (encryption) chip right into the drive,” said Seagate spokesman Michael Hall.
“The encryption keys for this drive are hidden in what we call secure partitions,” he said. “If you take, for instance, a 200 GB drive, about 10 per cent of that storage is unaddressable by outside resources. We store the encryption keys in that hidden space so that none of the other resources in the computer can get to it. With software encryption, you have the keys floating around in the OS.”
The password-based system prompts the user at boot to unlock the drive. The drive also allows an administrator to add other security-based applications to the drive such as organization-wide encryption key management or multi-factor authentication.
A hardware-based encryption system has been thought possible for a long time now but complexity may have delayed its appearance in a product, said Brian O’Higgins, CTO of Third Brigade, a security software provider based in Ottawa.
“You knew they were coming five years ago, it’s just taken them a long time to get to the market. Whenever you talk about encryption, there’s always a lot of complexity about it. It’s all about managing the keys. You need a proper standard,” he said.
Hardware security solutions aren’t completely unheard of. A non-software approach has been developed before, said O’Higgins, but typically on a PC motherboard or as a data centre solution across multiple hard drives.
He said that it will probably be only a year or two before encrypted laptop hard drives become commonplace, particular if a manufacturer the size of Seagate is backing the technology.
Charles Kolodgy, research director of security products for IDC, agreed that this approach to encryption will likely become a standard, particularly for enterprise laptops.
“We’re beginning to see a greater interest in data encryption, I think. Even this year, you had a lot of personal records that were lost over the network, but many, many more were lost from laptops,” said Kolodgy.
He warned that “given unlimited time and unlimited resources, you can break anything,” but a locked down hard drive would deter all but the most persistent data thieves.
But under some circumstances, that level of encryption could complicate matters for the user as well, argued Bill Margeson, CEO of CBL Data Recovery Technologies, based in Markham, Ont.
If a disk becomes damaged, for example, encryption can complicate the recovery process, he said.
“With about 25 per cent of what we see, the media, for various reasons becomes damaged throughout the platter surface. This really complicates getting intelligible data back. The decryption doesn’t have enough to work with,” he explained. “It does add another layer of complexity.”
Margeson said that software-based encryption solutions are commonly available to lock down disk drives, but tend to be underutilized by OEMs due to lack of interest. However, he acknowledged there are populations of users that desire added security. “I guess there will be a need, in the right place.”
Seagate is marketing its drive as a means for organizations to meet compliance regulations such as the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. In Canada, the technology would be most applicable to the Personal Information Protection and Electronic Documents Act (PIPEDA) which governs the way information belonging to private citizens is collected and utilized by organizations. It also governs the number of years that information can be kept on file.
According to Seagate, its DriveTrust Technology can erase a drive instantly, allowing information to be safely destroyed. The company is promoting the technology as a means to handle hardware lifecycle management.
Hall said the drives will ship early next year. Seagate is currently in talks with several laptop OEMs, he said, but no agreements have been finalized yet.
There’re three ways to protect flash drive. The first one is availabel for Win 7, Win 8 users, they can use BitLocker to password protect drive. The second is to purchase encryption flash drive hardware such as Kingdom, this kind of drive has built-in encryption feature, but it costs much. The last solution is to use software to encrypt the files in flash drive. USB security is a good freeware.
http://www.kakasoft.com/usb-security/password-protect-hard-drive-on-windows.html