Storage Effect

DFS-hidden data can be found by Microsoft Vista, Word and Google Desktop

You may be in denial if you think a Deniable File System (DFS) will fully secure your data.  So says Byte and Switch today, based on a study by British Telecom’s Bruce Schneier and a team of researchers from the University of Washington.  They were able to expose DFS-hidden data with Microsoft Vista, Word, and Google desktop.  

Fully ecrypted hard drives are not affected

Don’t worry -  this chink in data security does not apply to drives using Full Disk Encryption (FDE) .

FDE will mean less crushing and more re-using of disk drives 

The Minneapolis Star Tribune profiled two local companies that have thriving businesses destroying retired disk drives.  The process is startling similar to the metal crushers used in junk yards. 

If you had any doubt that erasing data from a drive doesn’t really erase it, read this article. 

Video of a drive shredder in action

Seagate will ship about one billion disk drives in the next five years.  Imagine if they all had to be crushed and recycled when they are retired? Or worse yet, thrown in a junk pile somewhere?

An exciting feature of the industry’s new Full Disk Encryption technology is that drives can be erased with absolute certainty by simply deleting a password.  That means that still-functional retired drives can be resold as “gently used” drives. 

Make room next to that used car lot!

FDE is currently available on notebook drives like the Seagate Momentus FDE, and it will be coming soon to servers and storage systems near you.

When you get rid of a drive, do you erase it, crush it, or cross your fingers?  Let me know!

Hardware-based encryption is an important weapon in the defense of data at rest

If the National Security Agency says Seagate’s Momentus FDE self-encrypting hard drive is secure, I don’t need any more convincing. 

It really is a cool drive, with full AES encryption of all data within the drive, all without any slow-down in performance. 

And it can’t be hacked the way software-based PC data encryption schemes can. Just don’t lose your password!  That’s why key management is such an essential part of notebooks using of these drives.

Bonus benefit: you can instantly and thoroughly erase a drive for retiring or repurposing by simply deleting the password.  One-click instant erase!  Nice.

Forbes’ thoughts on the NSA action 

A factual comparison of encryption methods

Here’s a thorough article on disk drive-based encryption, with comparisons to software-based encryption.  Key takeaway: if you encrypt within the disk drive, there are no external access points for an intruder to exploit. 

What’s the real-world risk of someone going to such lengths?  Someone could break down my locked door at my house as well. 

The “no-worries” benefit 

A major commercial value of hacker-proof encryption on a business PC is the “no-worries” benefit.  If a disk-encrypted notebook with customer records on board is lost or stolen, there is no credible risk of the data ever being retrieved.  Whether or not the notebook is found, the business is safe from becoming a media poster child for lax security of their customers’ personal information.

Seagate’s take on this topic is here.

Full Disk Encryption is the elegant solution to elaborately hacked passwords

Engadget has recently raised the alarm over gaps in software-based encryption security.  First, they reported that keys can be recovered from DRAM with a complex but possible process.  Next, they pointed out that thumb drives could be used in a simpler variation of the technique.

Good news:  you can close this gap with a hard drive with Full Disc Encryption (FDE), like the Momentus 5400 FDE.

• The cryptographic key never leaves the hard drive
• It’s stored on an ASIC in the hard drive with no probe points
• Any attempt to remove the ASIC from the drive package locks the drive and cuts power to the chip, erasing its memory

For those serious about security, stop messing with bandaids and lock it down tight. Here’s a more detailed description of this.

 I’ve posted several times on data security and encryption issues.

Secure the storage and free businesses to keep using a valuable tool

Gigaom highlights the challenges with business security and the increase in size and use of USB drives for sensitive data. 

Disabling USB ports isn’t the answer.  It crimps users’ style, and workarounds are bound to defeat the effort.

Disk drive vendors are adding black hat-level encryption to their drive hardware (Full Disk Encryption; here’s Seagate’s take), providing a hack-proof solution that preserves the business users’ flexibility and doesn’t impact performance.  As long as a strong key management capability is in place, it’s an elegant (and largely transparent) way to protect data on the move wherever it resides.

Seems like USB storage vendors could learn a lesson here, to avoid forcing businesses to limit what is obviously a highly valuable tool.

What’s the right storage for a rugged notebook?  It depends.

CRN recently conducted a Toughest Notebook Challenge.  The tests were real-world, “I can’t believe I did that” abuses to notebooks from Acer, Panasonic, Toshiba and Dell.  Acer and Panasonic came out on top. 

These systems all used standard-class notebook disk drives, as best I can tell.  Seagate’s entries in this space are the Momentus family of drives.  Toughness for storage is either built in to the drive (like our EE25 drive for extreme environments) or built around it with cases, absorbers, etc. 

Which method is best for you depends upon what the notebook is meant to do.  Using a standard drive frees you to offer value-add features like flash-infused hybrid technology, secure Full Disk Encryption and drop-safe Zero-G Sensor technology.  Capacity will always be the highest here as well.

Rugged drives are the right solution when the application is really funky, or when the chassis-related costs of protecting a regular drive exceed the incremental cost of the rugged drive.

And do some real-world testing before you claim you’re tough enough!

Provide added value with an off-the-shelf product

Your customers can now buy secure notebooks with Full Disk Encryption from Dell.  Similar notebooks have been available in the channel from ASI and others for six months.  The mainstream value of this technology is summarized nicely by Business Week.

This is a good chance to offer new value in a commoditized space.  Even reselling the Dell machine as part of a “Get Safe” solution for your customers will be profitable for you, because they’ll value some additional help in setting up key administration and management.  That’s necessary so that they can’t lose passwords.  With FDE drive technology, if you lose the password, the data on the drive is lost forever. 

The value prop for your customer for secure notebooks: if a system is lost or stolen, the data from that PC will never be retrieved.  No chance of them being on the Evening News due to exposing sensitive customer records.

An added bonus is simple and worry-free drive retirement or repurposing. Simply throw away the key and the previously stored data is gone forever.  No more erasing seven times, writing over data, and crossing your fingers.

Should you build your own secure whitebook?  Probably not yet, unless you’re up for the task of integrating the key management software with the drive, as Dell and ASI have done with Wave Systems.  If you get it wrong, you’ll have angry customers with unaccessible data.

Seagate’s drive in this space, in both the Dell and ASI machines, is the Momentus 5400 FDE.