Following the nearly constant barrage of new revelations concerning governmental spying on digital networks and the rash of high-profile data breaches in the commercial sector, the security of vital and private data has never been more important. A simple way to virtually guarantee the safety of your data is to use a form of encryption when storing important files. There are many options for encrypting information available today, from free public key protocols to enterprise-grade encryption systems, but one of the most effective technologies is the self-encrypting drive.
What is a self-encrypting drive (SED)
The self-encrypting drive is a closed and independent ecosystem contained within a storage drive. The SED includes its own processor, memory and Ram, and imposes strict limits on the code allowed to run within its system. All encryption is handled on the storage drive controller itself, isolating these important functions away from the less secure host PC.
An SED reserves a small block of internal memory and keeps it isolated from the rest of the storage drive. This area contains the drive's encryption keys and user credentials. When an authorized user securely accesses the drive, data flows in and out of the drive normally and access to the drives information is allowed. If you are found to be an unauthorized user, no access will be granted and data cannot be obtained by any means. Everything on the drive is encrypted, all the time.
The encryption key is created on the drive during the manufacturing process and is never removed, making it impossible to steal and providing immunity against traditional software attacks.
Reasons to purchase an SED
- Performance. Encryption hardware is integrated, which leads to nearly zero performance impact. This allows the SED to provide a greatly increased performance value over other types of full-disk encryption for data intensive operations.
- Security. SEDs operate independent of the operating system providing a level of security against software attacks that target the operating system, BIOs, and applications. SEDs are also immune to attacks that use CD and USB keys and memory attacks.
- Encryption key management. The SED's encryption keys are generated within the disk's controller at the time of its manufacture and never leave the drive. This provides the SED user with freedom from needing to backup, store, or recover keys.
- Integrated Authentication. Users must perform their authentication to unlock the drive. Authentication cannot be separated from the SED and is operated by a pre-boot OS within the drive. This is the only system by which authentication can be performed.
- Ease of use. SEDs require a single authentication to the drive at start up. This allows for the encryption to operate behind the scenes with little to no impact of productivity.
- Invisible to software. The SED operates at the hardware level making encryption and authentication functions invisible to the drive's operating system and software.