Secure your data with self-encrypting drives (SEDs)
I don't know about you, but I'm becoming increasingly nervous about all of the malware that's out there. I hate the thought of some nefarious person roaming around my computer "touching" my data with their sticky metaphorical fingers.
There are numerous types of malware, but one I think of as being particularly slimy and nefarious is ransomware. One type of ransomware locks your system down and then displays messages coaxing you into paying a ransom in order to have your machine unlocked. Another type encrypts all of your data files on your hard drive, forcing you to pay a ransom in order to receive the decryption key.
I hate this stuff. I wish that the authorities would (a) treat this as a major issue, (b) invest whatever resources it takes to track the originators down, and (c) impose serious sanctions on the perpetrators, ranging from lifetime imprisonment to castration, or both. I tell you, if the people creating and deploying malware knew that this level of punishment was on the cards, I think we'd see a lot less of it. Of course I may be wrong, but in the spirit of scientific enquiry I say let's try it for a few years and see what happens.
In my case, all I really have on my system is the columns I'm currently writing and archives of old articles and books -- along with photos of my family, friends, and hobby projects -- which means I really don't have much that would be of interest to anyone else. I daren't even think how I would feel if I was in charge of securing and protecting military, commercial, and industrial data.
All of which leads us to the concept of self-encrypting drives (SEDs) -- a type of hard disk drive (HDD) or solid state drive (SSD) that automatically and continuously encrypts the data on the drive without any user interaction.
But where do you find this type of beast? Well, I recently heard from the folks at Virtium that they've just announced their StorFly SED SDDs boasting support for AES-256 encryption.
"Virtium's new SED SSDs are a perfect fit for embedded systems that require encryption in addition to our leading small-footprint, industrial-temperature, high-endurance, and low-power storage innovations," said Scott Phillips, vice president of marketing at Virtium. "These encryption solutions support multiple SATA form factors, including 2.5", 1.8", Slim SATA, mSATA, M.2, and CFast. Additionally, they support all three StorFly classes – CE (MLC), XE (industrial-grade MLC) and PE (SLC). This new, broader array of SSD offerings provides OEMs and system designers with industrial security solutions not previously available without significant compromises to reliability. And while the consumer and enterprise markets may offer encrypted SSDs, they may not support the industrial temperatures, shock/vibration requirements and product longevity that Virtium's new SEDs do."
A Virtium SED uses random AES encryption keys that are generated at product initialization (leveraging the drive controller's integrated random number generator), which are hashed and then stored within the drive itself. These keys are subsequently used in conjunction with the integrated AES encryption engine to encrypt and store the host data on the NAND flash without burdening the host system (unlike software-based encryption solutions). The encryption keys are non-retrievable and cannot be changed without the complete loss of the data on the SSD.
Virtium's new StorFly SEDs are Trusted Computing Group Opal 2.0-compatible and support hardware and software initiated crypto-erase and block-erase features that satisfy requirements of the National Institute of Standards and Technology Special Publication 800-88 Revision 1 Guidelines for Media Sanitization. These features are persistent through power interruption cycles.