We Have Self-Encrypting Technology — Why Don’t We Use It?

Can the storage devices you depend on be more secure? Are they secure already? If not, why not?

Tom Coughlin — respected storage analyst and 30-year industry veteran — poses these questions, perhaps with some sense of frustration, in his recent technology paper The 2015 Self-Encrypting Drive Market and Technology Report.

Self-encrypting hard disk drives were first introduced by Seagate in 2007, and today most hard disk drives (HDDs) and solid state drives (SSDs) have implemented the Trusted Computing Group’s Opal standard for Self-Encrypting Drives (SEDs). SED solutions based on these specifications enable integrated encryption and access control within the protected hardware of the drive. Self-encrypting drives provide an industry standard solution for full disk encryption, protecting data when machines or drives are lost or stolen, as well as re-purposed, repaired under warranty, and at the device’s end-of-life. The Trusted Computing Group’s open standards provide multivendor interoperability, allowing application vendors to provide management for multiple SED providers.

Why wouldn’t everyone embrace Self-Encrypting Drive technology immediately?

Customer response to such a simple and effective way to secure data has been particularly positive in industries where data breaches can be very costly due to increasing data privacy laws. But even though SED is widely implemented at the hardware level, that hasn’t led to more widespread use of it by users to secure their data.

Why? Coughlin Associates’ recently published report explains some of the reasons. The report reveals factors delaying wider adoption of SED security applications, and discusses factors that may drive increased SED implementation in the future.

The report projects that by 2017 all HDDs shipped will be SED-capable, and by 2018 11% of all HDDs will shift to SED-enabled or SED-promoted products, driven by security demand. But by that same year, Coughlin estimates customer adoption of SED-enabled functions for HDDs may still be as low as 54 million units (or as high as 85 million units).

Similarly for SSD devices, although SED feature implementation in 2018 will be 100 percent (about 236 million SSDs), Coughlin projects SSDs intended for security and data-protection purposes that year may be less than 10 percent, or 24 million units.

Who benefits from increasing use of SED?

Coughlin believes it’s important that the technology industry works to boost adoption of these tools to help protect users’ content and privacy, by promoting awareness and a greater realization of why privacy is important for effective commerce.

According to the report, several factors contributed to a slow market adoption of the technology in its early history:

  • slow corporate IT spending due to uncertainty and tight IT budgets in the last few years,
  • lack of knowledge about the difference between hardware-based encrypted SEDs and software-encrypted solutions,
  • lack of training of OEMs (original equipment manufacturers) and integrators on the use and advantages of SEDs, which limits their growth,
  • legal issues limiting the use of encrypted drives in some countries,
  • a limited initial market mainly driven by government mandates,
  • until recently, a lack of common standards and a continuing lack of product certification,
  • lack of secure auditing facilities, and
  • concerns about data availability, largely due to key management issues and operating system support.

At the same time, the report outlines factors that may boost growth in SED adoption:

  • cost parity of SEDs to non-self-encrypting storage devices will make it easier to get these products adopted universally,
  • with SEDs there is no discernible encryption time like there is with software encryption,
  • SEDs don’t have the performance overhead that software encryption running on the host has, leading to better overall system performance,
  • SEDs may have a somewhat longer useful life than drives used in a software encrypted system, due to increased reads and writes with SW encryption,
  • because the encryption key is stored on the storage device, it cannot be accessed through host hacking, as the key can with software encryption,
  • SEDs are less complex to implement in storage array encryption solutions,
  • government mandates and regulations are increasing the requirements for privacy and favor the use of SEDs, particularly those with FIPS 140 certification,
  • secure erase reduces re-provisioning and end-of-life costs, and is the only effective way to make data on an SSD inaccessible.

Find more information on this and other Coughlin Associates reports here.


About the Author:

John Paulsen
John Paulsen is a "Data for Good" advocate, with more than 20 years in the data storage industry. He's helped launch many industry-firsts including HAMR technology, 10K-rpm and 15K-rpm hard drives, drives designed specifically for video and for gaming, Serial ATA drives, fluid dynamic HDD motors, 60TB SSDs, and MACH.2 multi-actuator technology.