Toshiba unveiled a new
family of hard disk drives with a security twist: They are self-encrypting.
There have been several
incidents where a laptop
was lost or stolen, and sensitive information was exposed because the data
was not encrypted. With these Toshiba drives, IT departments know all the data
stored on those systems are automatically secured.
The MKxx61GSYG line of
self-encrypting hard drives will automatically store data using 256-bit AES
encryption and prevent the data from being accessed if the drive is used inside
an unfamiliar computer, Toshiba said April 12. The drives can be configured
with invalidation attributes to scramble or deny access to protected data,
depending on specific use cases.
The 2.5-inch two-platter 7,200
rpm drives will use the 3Gbps Serial ATA II interface and have 16MB of buffer
memory. The drives will be available in 160GB, 250GB, 320GB, 500GB and 640GB
capacities.
The drives are intended for
professional use where there are specific privacy and data-security concerns.
The self-encrypting drives can be used in copiers, multi-function printers and
point-of-sale systems. They can be used in government, financial, medical and
other environments where there is a lot of sensitive information.
"Digital systems
vendors recognize the need to help their customers protect sensitive data from
leakage or theft," said Scott Wright, a product manager in Toshiba's
storage device division.
When a system containing the
self-encrypting drive (SED) turns on, the drive attempts to authenticate with the host.
The drive can be configured to deny any access to the drive if the host is not
recognized, regardless of whether that’s because of a system failure or because
the drive has been moved to new hardware. There is also an option to configure
the drive to perform a cryptographic erase on certain sections of the data, which
deletes the keys needed for decryption. Once those keys are removed, the saved
information is permanently encrypted and unreadable even if the drive is added
back to the original system.
Toshiba’s data invalidation
attributes can be set for various scenarios, including a user entering the data
invalidation command, when the SED is installed into unknown hardware, and
every time the system is power-cycled. Too many invalid unlock commands will
also cause the drive to lock up and invalidate the data, Toshiba said. The
company called the ability to offer multiple data-security options an “industry
first.”
The range of
data-wipe configurations gives designers a choice in security options that can
be easily incorporated into existing hardware.
The proprietary second-generation
data-wipe technology was designed according to the Trusted Computing Group
“Opal” storage specification. Opal allows devices to create authentication
policies to determine which hosts are trusted.
Organizations can use the
MKxx61GSYG drives to protect against data loss resulting from lost or stolen
notebooks. They can also use the drives within copier and printer systems so
that the images of potentially confidential documents are not readily accessible
to anyone trying to steal them.
The drives will be
distributed later this quarter to select system manufacturers and independent
software vendors so that they can integrate the data-wipe technology features,
according to Toshiba.