Tuesday, June 14, 2011

A Self Erasing Hard Drive? Toshiba Gives Security a Big Boost

Toshiba Self Eraser.jpeg
Imagine the following scenario: Someone steals one of your computers.  However, you are security conscious & have the BIOS password protected.  This means that the system will not even begin to boot until the  correct password is given.  This is pretty good security until the thief removes the hard drive and puts it in a different machine or a portable hard drive enclosure where it will be treated as an auxiliary drive.  Once that happens, your data is plain to see.
However, Toshiba has put a wrinkle in the above scenario with hard drives that will totally wipe themselves clean if they are connected to a different machine.
These Self Erasing Drives or SED for short encrypts all data on the drive & then unecrypts it when ever access is needed.  If the drive is accessed by another machine, the drive senses this and destroys the keys.  This leaves the data encrypted with a 256-bit AES algorithm and no way to decode it.
Here is what Toshiba has to say about these amazing pieces of hardware:

Toshiba adds advanced access security, built-in hardware data encryption, and wipe technology features to its 2.5-inch, 7,200 RPM Serial ATA storage products with the MKxx61GSYG series hard disk drives. The self-encrypting drive (SED) provides government-grade AES-256 hardware encryption incorporated in the disk drive’s controller electronics. Based on the widely endorsed Opal Security Subsystem Class (Opal SSC) specification from the Trusted Computing Group** (TCG), the MKxx61GSYG enables secure host authentication, strong data encryption and data-theft prevention features on such systems as notebook or desktop PCs, multi-function printers, point-of-sale systems, thin clients and service kiosks. Toshiba expands on the Opal SSC by adding unique security features which may be used to “wipe” protected data from the disk or deny access to protected data if access credentials are invalid, for example, if the disk drive were to be removed from the host platform.

Targeted at security-sensitive applications, the drive’s built-in hardware encryption reduces compatibility concerns associated with software encryption, while delivering transparent performance gains and a lower total cost of ownership. Deployment is fast and secure because data is encrypted during normal write/read operations. Toshiba’s wipe technology features can significantly shorten re-purposing and data cleansing operations while helping to assure compliance with data security policy. The Toshiba AES-256 encryption algorithm is certified to FIPS 197 by the US National Institute of Standards and Technology (NIST). In addition, the Toshiba MKxx61GSYG SED provides features to enable secure remote administration, using such capabilities as Intel’s Active Management Technology (AMT).

The MKxx61GSYG is compatible with leading third party security management applications, allowing seamless deployment of SEDs alongside pre-existing software encryption. Unlike software encryption, which is dependent on CPU performance and system memory capacity, the MKxx61GSYG encrypts at full storage I/O speeds and scales seamlessly in multi-drive applications.

 

For the full low-down, check out Toshiba's site.

Post a Comment