Secure your data with self-encrypting drives (SEDs)

I don't know about you, but I'm becoming increasingly nervous about all of the malware that's out there. I hate the thought of some nefarious person roaming around my computer “touching” my data with their sticky metaphorical fingers.

There are numerous types of malware, but one I think of as being particularly slimy and nefarious is ransomware. One type of ransomware locks your system down and then displays messages coaxing you into paying a ransom in order to have your machine unlocked. Another type encrypts all of your data files on your hard drive, forcing you to pay a ransom in order to receive the decryption key.

I hate this stuff. I wish that the authorities would (a) treat this as a major issue, (b) invest whatever resources it takes to track the originators down, and (c) impose serious sanctions on the perpetrators, ranging from lifetime imprisonment to castration, or both. I tell you, if the people creating and deploying malware knew that this level of punishment was on the cards, I think we'd see a lot less of it. Of course I may be wrong, but in the spirit of scientific enquiry I say let's try it for a few years and see what happens.

In my case, all I really have on my system is the columns I'm currently writing and archives of old articles and books — along with photos of my family, friends, and hobby projects — which means I really don't have much that would be of interest to anyone else. I daren't even think how I would feel if I was in charge of securing and protecting military, commercial, and industrial data.

All of which leads us to the concept of self-encrypting drives (SEDs) — a type of hard disk drive (HDD) or solid state drive (SSD) that automatically and continuously encrypts the data on the drive without any user interaction.

But where do you find this type of beast? Well, I recently heard from the folks at Virtium that they've just announced their StorFly SED SDDs boasting support for AES-256 encryption.


(Source: Vitrium)

“Virtium's new SED SSDs are a perfect fit for embedded systems that require encryption in addition to our leading small-footprint, industrial-temperature, high-endurance, and low-power storage innovations,” said Scott Phillips, vice president of marketing at Virtium. “These encryption solutions support multiple SATA form factors, including 2.5″, 1.8″, Slim SATA, mSATA, M.2, and CFast. Additionally, they support all three StorFly classes – CE (MLC), XE (industrial-grade MLC) and PE (SLC). This new, broader array of SSD offerings provides OEMs and system designers with industrial security solutions not previously available without significant compromises to reliability. And while the consumer and enterprise markets may offer encrypted SSDs, they may not support the industrial temperatures, shock/vibration requirements and product longevity that Virtium's new SEDs do.”

A Virtium SED uses random AES encryption keys that are generated at product initialization (leveraging the drive controller's integrated random number generator), which are hashed and then stored within the drive itself. These keys are subsequently used in conjunction with the integrated AES encryption engine to encrypt and store the host data on the NAND flash without burdening the host system (unlike software-based encryption solutions). The encryption keys are non-retrievable and cannot be changed without the complete loss of the data on the SSD.

Virtium's new StorFly SEDs are Trusted Computing Group Opal 2.0-compatible and support hardware and software initiated crypto-erase and block-erase features that satisfy requirements of the National Institute of Standards and Technology Special Publication 800-88 Revision 1 Guidelines for MediaSanitization. These features are persistent through power interruption cycles.

For more information to Virtium's new StorFly SEDs and its broad portfolio of solid state storage and memory solutions, visit www.virtium.com, call 888.847.8486, or email .

10 thoughts on “Secure your data with self-encrypting drives (SEDs)

  1. “Now I think I understand what I sound like when I talk to my wife.nnAre you talking about the SSD in my Tower Computer on my desk? If so, all I remember about it is that it's an SSD … the “TCG Opal 2.0 + IEEE-1667” just went “whoosh” right over my

    Log in to Reply
  2. “You listed your components in an article about VR so yeah i was talking about your desktop.nnThe point was that your SSD has encryption too, just not enabled by default.”

    Log in to Reply
  3. “How does using an SED protect you from ransomware? I'm under the assumption that the ransomware used it's own AES key to encrypt the data, as it's being written to the drive (and now double encrypted by SED). Does SED know what it's encrypting/storing,

    Log in to Reply
  4. “That's a good point — I must admit I thought this myself while writing this up — and then I forgot about it again — it may be that all SED does is to stop other people accessing/reading your data, but it doesn't prevent Malware (or maybe it does) — l

    Log in to Reply
  5. “I don't believe that an encrypted drive will do anything to prevent malware or ransomware. When it is installed in your PC and you are logged in and running, it is effectively no longer encrypted from the view of the operating system, where the malware a

    Log in to Reply
  6. “Arrgggh — gnashing of teeth and rending of garb — I wish we lived in a world where security and encryption (and passwords) wasn't necessary because people simply wouldn't think of doing bad stuff — but maybe all of this is necessary to prepare us again

    Log in to Reply
  7. “I just heard back from the SED experts at Virtium who spake as follows:n nHow does using an SED protect you from ransomware? SEDs do not protect from ransomware; that's what firewalls and virus-protection software do. Self-encryption protects data at r

    Log in to Reply
  8. “Hi Max, the security of an SED is only really for 2 major situations:n1: when someone tries to take a drive out of a computer and read it's content on another computer in order to bypass any account security on the computer or BIOSn2: when someone tries

    Log in to Reply

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.