Tales of the Encrypted Drive
Angling for users who want a new way to secure their data, small storage vendor WiebeTech this week announced the first model in a line of external hard drives that offer built-in encryption. This drive also illustrates some of the changes that take place when a product moves through its development cycle, sometimes for the better.
A half-year ago, I described WiebeTech's plans for FireWire Encrypt, a hard drive that would provide hardware-based encryption independent of any host-based security architecture. (For more information, see "Locking Down Data in the Drive.")
The details for the Encrypt line have changed a bit over time because of some technological issues, according to President James Wiebe. The final shipping versions offer a different mix of encryption performance, interface and authentication than the combination he described at our last meeting.
All the announced drives come with a 120GB hard disk mechanism, although the company said it is currently qualifying capacities up to 300GB, which will be available in the fall. The company will also offer bare drive enclosures later.
The drives will come in a range of encryption strengths: 40-, 128- and 192-bit key lengths. The top encryption level was originally going to be 128-bit before the company added support for the higher bit length, a move that may make the drive more attractive to government customers. In addition, Wiebe will offer a Tempest-hardened enclosure sure to please that segment.
The DES/TDES encryption and decryption is performed in real-time. To the user, application and operating system, the drives appear and function as ordinary FireWire and USB 2.0 drives, and users will not see a difference in data-transfer performance, Wiebe said. Everything is encrypted, including partition information.
Originally, the company expected to ship a single enclosure that would offer both FireWire and USB 2.0 interfaces. Instead, the Encrypt drives come with one or the other interface. Wiebe had hoped to embed the encryption algorithm into the FireWire bridge chip, which would have supported both interfaces. However, Wiebe said the speed was a problem, and now the encryption is performed on a separate processor.
Users authenticate the drive with a hardware key (a USB dongle) instead of accepting a software key from the host. Each drive ships with a pair of keys.
According to Wiebe, these keys can't be readily copied, and the technology to produce a duplicate key is expensive. In the fall, the company will offer an "embargoed key service" that keeps on file the encryption key for each drive in case the key is lost.
The enclosure also functions as a single-bay dock, and users can purchase additional trays for drive mechanisms. The first model in the FireWire Encrypt and USB2 lines will support 40-bit encryption and cost $339.95.
So what are the markets for the Encrypt drive, outside the obvious governmental customers?
Wiebe said the architecture will let managers easily limit access to data that needs greater security, for example, personal data on a corporate intranet. With an ordinary storage bay, the drive must be physically removed to limit access and physically secure the data. However, for the Encrypt drive, the authentication is simply withheld, and the drive can remain connected to the computer or server without concern that the private files will be accessible.
One longtime storage-industry observer opined that there was only a "very, very limited appeal for such a product. Such a drive is only for those with an almost neurotic worry about their data."
(Perhaps he underestimates the privacy concerns of some users. I recently spoke to a tape-product manager who said a customer had recently inquired about explosive cases for backup sets!)
I can see a number of potential growth markets for the technology, especially ones that model current workflows. Certainly, the drive would be perfect for the physical transport of digital movies from the distributor or studio to the theater. With 192-bit encryption, nobody will be burning a copy for the pirate DVD market. One key would be kept at the distribution point and the other at the theater. Just don't ship it with the drive.
I wonder: Can the transport of a 192-bit encrypted hard drive really be considered sneakernet? Or is it more iron-boot-net? Would you buy an encrypted drive? And what would you use it for? Let me know what you think.
David Morgenstern is a longtime reporter of the storage industry as well as a veteran of the dotcom boom in the storage-rich fields of professional content creation and digital video.