Full disk encryption can help sidestep the embarrassing public slip-ups stemming from lost and stolen equipment. Although encrypting sensitive data is not a new idea, recent releases serve to mitigate some of the issues that have made IT managers reluctant to embrace the technology.
LaCies Safe Mobile Hard Drive with Encryption is a portable external USB hard disk that features hardware-based DES (Data Encryption Standard) and TDES (Triple DES) encryption. LaCie officials estimate that 95 percent of users will opt for the stronger TDES encryption. TDES incurs only a modest speed penalty—the average 25MB-per-second throughput using DES slows to 18MB to 20MB per second under TDES.
However, LaCies solution doesnt address the pervasive IT misfortune of disappearing laptops. A promising option is Seagate Technologys fully encrypted 2.5-inch notebook drive, the Momentus 5400 FDE.2. The Momentus FDE.2 drive boasts integrated AES (Advanced Encryption Standard) 128-bit hardware encryption at full SATA (Serial ATA) 1.5G-bps line speed. AES, the current government standard, is faster and more secure than its DES and TDES predecessors. LaCie officials have indicated that they plan to add AES 128-bit encryption to the Safe drive but cited as a concern the difficulty in exporting AES technology overseas.
An Ultra ATA 100MB-per-second version of the Momentus FDE.2 drive has been available from Seagate for more than a year, but it isnt an option on most new laptops because most manufacturers have standardized on SATA hard drives. SATA-based Momentus FDE.2 disks are expected to be available in the first quarter of 2007.
Security measures are dependent on their consistent use in practice, so simplifying these processes for users can promote compliance with companywide security policies. Biometric fingerprint scanning on the LaCie Safe drive adds safety as well as convenience.
Similarly, the Momentus FDE.2 supports SSO (single sign-on) so that users need to remember only a single user name/password pair. Administrators also have the option of matching passwords to strong biometric or smart-card authentication methods. If a password is forgotten, a reset can be performed with an emergency recovery file stored on a thumb drive or other device.
Wiping hard drives was once a tedious, time-consuming process. With encrypted drives, safely repurposing or disposing of old equipment can be performed in a matter of seconds rather than hours. Removing the encryption key effectively wipes the drive clean by rendering the encrypted data useless.
Currently, full disk encryption solutions such as LaCies Safe drive and Seagates Momentus FDE.2 come with high prices, but, as more hardware-encrypted products enter the market, the price premium over nonencrypted drives will decrease.
IT managers also should weigh these options against Windows BitLocker Drive Encryption technology that will be included with the Enterprise and Ultimate versions of Microsofts forthcoming Windows Vista.
Technical Analyst Victor Loh can be reached at [email protected].