Storage Effect

DFS-hidden data can be found by Microsoft Vista, Word and Google Desktop

You may be in denial if you think a Deniable File System (DFS) will fully secure your data.  So says Byte and Switch today, based on a study by British Telecom’s Bruce Schneier and a team of researchers from the University of Washington.  They were able to expose DFS-hidden data with Microsoft Vista, Word, and Google desktop.  

Fully ecrypted hard drives are not affected

Don’t worry -  this chink in data security does not apply to drives using Full Disk Encryption (FDE) .

Cool, but encryption is a kindler and gentler way to retire disk drives

Blocks and Files highlighted this very physical solution to a data management problem: how to be sure sensitive data on retired disk drives never again sees the light of day.  It’s a do-it-yourself version of industrial disk crushers.

Verity’s quite excited about the Hard Drive Destroyer, and I know it fills a desperate need.  But it’s not very resource-efficient nor environmentally friendly.  That’s a perfectly good drive!  Can’t someone else use it? 

The renewable alternative: self-encrypting hard drives like the Momentus FDE and BlackArmor.  When it’s time to retire, throw away the AES-grade encryption key, and Poof! - what was once written will never be seen again.  Certifiably so. 

Momentus FDE is a notebook drive. The first enterprise FDE drive will be the Seagate Cheetah 15K .  Stay tuned.

Who’s destroying drives out there?  Anyone willing to admit they’re ignoring this problem and reusing drives?  

FDE will mean less crushing and more re-using of disk drives 

The Minneapolis Star Tribune profiled two local companies that have thriving businesses destroying retired disk drives.  The process is startling similar to the metal crushers used in junk yards. 

If you had any doubt that erasing data from a drive doesn’t really erase it, read this article. 

Video of a drive shredder in action

Seagate will ship about one billion disk drives in the next five years.  Imagine if they all had to be crushed and recycled when they are retired? Or worse yet, thrown in a junk pile somewhere?

An exciting feature of the industry’s new Full Disk Encryption technology is that drives can be erased with absolute certainty by simply deleting a password.  That means that still-functional retired drives can be resold as “gently used” drives. 

Make room next to that used car lot!

FDE is currently available on notebook drives like the Seagate Momentus FDE, and it will be coming soon to servers and storage systems near you.

When you get rid of a drive, do you erase it, crush it, or cross your fingers?  Let me know!

Hardware-based encryption is an important weapon in the defense of data at rest

If the National Security Agency says Seagate’s Momentus FDE self-encrypting hard drive is secure, I don’t need any more convincing. 

It really is a cool drive, with full AES encryption of all data within the drive, all without any slow-down in performance. 

And it can’t be hacked the way software-based PC data encryption schemes can. Just don’t lose your password!  That’s why key management is such an essential part of notebooks using of these drives.

Bonus benefit: you can instantly and thoroughly erase a drive for retiring or repurposing by simply deleting the password.  One-click instant erase!  Nice.

Forbes’ thoughts on the NSA action 

Digital Rights Management requires rock-solid data security in the infrastructure

Atrato’s been making waves with their innovative approach to performance for content serving applications.  Now they’ve announced that they are working with Seagate to add full disk encryption (FDE) to provide compelling data security to the solution. 

Secure data is a clear need for customers in the business of content distribution.  Their product is basically bits and bytes.  Without bullet-proof security, these guys risk a “pay if you want to” message to this developing market. 

The rules of engagement for Digital Rights Management are still taking shape.  Atrato’s capabilities will be a valuable tool for those trying to influence the future to carve out a profitable and sustainable business model in this space.

Comments?  Is this a killer product for media companies or just interesting technology?

Destroying data can be as important as creating it

How much time do you spend talking with your customers about what to do with their solutions when they are done with them?  Maybe you should rethink your priorities. 

According to Seagate, 50,000 enterprise drives are retired every year. In this age of highly proprietary business data and hyper-sensitive customer records, destroying information can be as important as creating it.  How do businesses guarantee that data is completely removed from retired servers and storage - and PCs ?

Seagate, IBM and LSI have taken a step towards making this incredibly simple and inexpensive.  With Seagate’s Cheetah 15K.6 FDE drive, available this summer, data can be made to disappear forever from retired server and storage drives with a single command.  

This technology already exists for notebook PCs.  In all cases, make sure proper password management procedures are in place before implementing these drives.  Once the key is lost or erased, the data is gone forever.

More from Seagate on secure storage here.

Anyone out there using FDE in notebooks today? How is it working for you?

Full Disk Encryption is the elegant solution to elaborately hacked passwords

Engadget has recently raised the alarm over gaps in software-based encryption security.  First, they reported that keys can be recovered from DRAM with a complex but possible process.  Next, they pointed out that thumb drives could be used in a simpler variation of the technique.

Good news:  you can close this gap with a hard drive with Full Disc Encryption (FDE), like the Momentus 5400 FDE.

• The cryptographic key never leaves the hard drive
• It’s stored on an ASIC in the hard drive with no probe points
• Any attempt to remove the ASIC from the drive package locks the drive and cuts power to the chip, erasing its memory

For those serious about security, stop messing with bandaids and lock it down tight. Here’s a more detailed description of this.

 I’ve posted several times on data security and encryption issues.

Secure the storage and free businesses to keep using a valuable tool

Gigaom highlights the challenges with business security and the increase in size and use of USB drives for sensitive data. 

Disabling USB ports isn’t the answer.  It crimps users’ style, and workarounds are bound to defeat the effort.

Disk drive vendors are adding black hat-level encryption to their drive hardware (Full Disk Encryption; here’s Seagate’s take), providing a hack-proof solution that preserves the business users’ flexibility and doesn’t impact performance.  As long as a strong key management capability is in place, it’s an elegant (and largely transparent) way to protect data on the move wherever it resides.

Seems like USB storage vendors could learn a lesson here, to avoid forcing businesses to limit what is obviously a highly valuable tool.

Provide added value with an off-the-shelf product

Your customers can now buy secure notebooks with Full Disk Encryption from Dell.  Similar notebooks have been available in the channel from ASI and others for six months.  The mainstream value of this technology is summarized nicely by Business Week.

This is a good chance to offer new value in a commoditized space.  Even reselling the Dell machine as part of a “Get Safe” solution for your customers will be profitable for you, because they’ll value some additional help in setting up key administration and management.  That’s necessary so that they can’t lose passwords.  With FDE drive technology, if you lose the password, the data on the drive is lost forever. 

The value prop for your customer for secure notebooks: if a system is lost or stolen, the data from that PC will never be retrieved.  No chance of them being on the Evening News due to exposing sensitive customer records.

An added bonus is simple and worry-free drive retirement or repurposing. Simply throw away the key and the previously stored data is gone forever.  No more erasing seven times, writing over data, and crossing your fingers.

Should you build your own secure whitebook?  Probably not yet, unless you’re up for the task of integrating the key management software with the drive, as Dell and ASI have done with Wave Systems.  If you get it wrong, you’ll have angry customers with unaccessible data.

Seagate’s drive in this space, in both the Dell and ASI machines, is the Momentus 5400 FDE.