In SSDs we trust (but they need to earn it) - Embedded.com

In SSDs we trust (but they need to earn it)

We entrust SSDs with an ever-widening array of uses — from booting up $300 laptops to storing crucial data in remote Internet of Things (IoT) applications. The trouble is that some SSDs are thrust into applications for which they are not fully suited to truly secure the data they are entrusted to hold. This is of particular significance in embedded and industrial applications.

It goes without saying that off-the-shelf SSDs designed for less-crucial applications come up short with regard to ensuring data integrity and protecting it from falling into the wrong hands. By the nature of their architectures and manufacturing processes, SSDs made for embedded and industrial applications provide a large measure of data reliability. Taking this one step further, SSDs have the ability to encrypt their stored data automatically, meaning critical uses — embedded designs for IoT applications, for example — can enjoy an unprecedented degree of security.

The major distinctions between classes of SSDs can be found in their intended applications. Client applications are fairly straightforward as there are countless use cases on the client side as well as clear metrics associated with desktop, notebook, and ultrabook computers, tablets, and smart phones. In these, SSDs are used almost exclusively for storing operating systems and user data generated or downloaded by a single user. Performance of these drives is largely subjective, based on the user's needs and preferences, with the most common requirements being rapid boot-up time and application responsiveness. Client SSDs are usually optimized for reads; write speeds don't matter nearly as much. This use case is further distinguished by the down-time associated with client applications — enough for the SSD to attend to background tasks that help it achieve higher performance and last longer.

In the industrial/embedded space, however, it's a different game. Boot times and the speed with which applications respond mean little if an SSD isn't reliable — sometimes in harsh conditions — or its critical data isn't protected from system failures and attempted theft. The growing importance of solid-state storage integrity, and the data it's expected to manage, has engendered an emerging category: infrastructure SSDs. Such drives are designed to take on the unique storage requirements of industrial and embedded equipment that can ill-afford downtime, data loss, or frequent hardware replacement. Look no further than the IoT to see the crucial role infrastructure SSDs play, and why drive and data integrity are their primary metric. (By the way, this is the very topic I'll be addressing during a panel presentation at this year's Flash Memory Summit, August 9-13, 2016, at the Santa Clara Convention Center, Santa Clara, California. For those attending, it will be Session 304-A.)

As functionality and applications, including those comprising the industrial IoT , or IIoT, move closer to the end-user and the network edge, more and more data is put at risk. While this threat has been in existence for some time, it has typically been addressed using application-specific devices and designs. For example, “mission-critical” military systems incorporate layer upon layer of security into their designs, including data encryption, secure erase, and data purge, while network and IT managers employ more discrete hardware and software methods, including virtual private networks, intrusion detection, and firewalls. The challenge is that these security methods are costly and/or difficult to deploy remotely (and discreetly). What is needed is a simplified, integrated, cost-effective approach that's easy to deploy — even in remote or harsh environments.

Self-encrypting drives (SEDs), such as the recently introduced line of SEDs highlighted in Embedded.com, provide a more simplified approach to data security as they can be easily deployed without the need for additional software layers on top of host operating systems (encryption keys are managed and stored on the SSD itself). And because encryption is integrated into the SSD's controller and firmware, it can be easily implemented on any industrial-type drive format, such as 2.5-inch, 1.8-inch, Slim SATA, mSATA, M.2, and CFast. This allows a secure storage solution to be deployed easily and discreetly just about anywhere, regardless of size constraints, operating conditions, or environmental issues (Figure 1).


Self-encrypting SSDs add a significant level of data protection to both IoT and IIoT applications (Source: Virtium)

To achieve self-encryption, random Advanced Encryption Standard (AES) encryption keys for the SSDs are generated at product initialization using the drive controller's integrated random number generator. These keys are stored in the drive and they are used in conjunction with an integrated AES encryption engine to encrypt and store the host data in the NAND without burdening the host system. Keys are non-retrievable and non-changeable without complete loss of the data encrypted on the SSD. Of course, encryption alone does not provide full data protection because, without drive authentication (TCG Opal 2.0 or ATA security-based), the stored data is still accessible. Therefore, it is recommended to employ authentication in conjunction with encryption to derive the greatest security benefit.

Self-encrypting drives now on the market address a wide variety of industrial/ embedded applications. For example, Virtium SEDs support industrial temperatures (-40 to +85°C) as well as low power, integrated power-fail protection, and vtView SSD monitoring software. From a security perspective, these SSDs also support other data-protection features, including secure erase, Trusted Computing Group (TCG) compatibility, and write protection (hardware and software) to protect against malicious or unintended writes to the SSD. The drives also support customizable “secure boot” options built on the trusted send/receive command within the Opal 2.0 Storage Specification.

With industrial SEDs being so flexible, cost-effective, and easy to deploy, there is really no reason not to use them in applications where data is potentially at risk. No longer are such applications limited in their selection to consumer-grade options that do not meet the rigid criteria of endurance, longevity, and ruggedness. True industrial-grade storage solutions are now available and suitable for everything from simple boot drives to mission-critical applications in industrial applications.

SSDs have always held a trusted place in the embedded and industrial spaces. Now, with self-encryption and their unrivaled reliability in fast-growing applications such as the IoT and IIoT, they've elevated that trust to new heights.

Scott Phillips is vice president of marketing at Virtium Solid State Storage and Memory, in Rancho Santa Margarita, California (www.virtium.com).

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.