A new hardware-based encryption technology from Seagate Technology could become standard in a few years as a means to combat data theft from stolen or lost laptops.
Dubbed DriveTrust Technology, the system integrates encryption directly into the drive itself. Most other encryption technologies reside in a separate application or run as part of the operating system. The technology had been available for the DV35 series hard drives that Seagate makes for digital recorders, but not in a PC-based system. The first Seagate laptop hard drive to feature the technology will be the Momentus 5400 FDE.2.
“This will be the first time anyone’s ever baked an (encryption) chip right into the drive,” according to Seagate spokesman Michael Hall. “The encryption keys for this drive are hidden in what we call secure partitions. If you take, for instance, a 200 GB drive, about 10 per cent of that storage is unaddressable by outside resources. We store the encryption keys in that hidden space so that none of the other resources in the computer can get to it. With software encryption, you have the keys floating around in the OS,” said Hall.
The password-based system prompts the user at boot to unlock the drive. The drive also allows an administrator to add other security-based applications to the drive such as organization-wide encryption key management or multi-factor authentication.
A hardware-based encryption system has been thought possible for a long time now, but complexity may have delayed its appearance in a product, said Brian O’Higgins, CTO of Third Brigade, a security software provider based in Ottawa.
“You knew they were coming five years ago, it’s just taken them a long time to get to the market. Whenever you talk about encryption, there’s always a lot of complexity about it. It’s all about managing the keys. You need a proper standard,” he said.
Hardware security solutions aren’t completely unheard of. A non-software approach has been developed before, said O’Higgins, but typically on a PC motherboard or as a data centre solution across multiple hard drives.
He said it will probably be only a year or two before encrypted laptop hard drives become commonplace, particularly if a manufacturer the size of Seagate is backing the technology.
Charles Kolodgy, research director of security products for IDC, agreed that this approach to encryption will likely become a standard, particularly for enterprise laptops. “We’re beginning to see a greater interest in data encryption, I think. Even this year, you had a lot of personal records that were lost over the network, but many, many more were lost from laptops.”
He warned that “given unlimited time and unlimited resources, you can break anything,” but a locked down hard drive would deter all but the most persistent data thieves.
But under some circumstances, that level of encryption could complicate matters for the user as well, argued Bill Margeson, CEO of CBL Data Recovery Technologies, based in Markham, Ont.
If a disk becomes damaged, for example, encryption can complicate the recovery process, he said.
“With about 25 per cent of what we see, the media, for various reasons, becomes damaged throughout the platter surface. This really complicates getting intelligible data back. The decryption doesn’t have enough to work with,” he said. “It does add another layer of complexity.”
Margeson said software-based encryption solutions are commonly available to lock down disk drives, but tend to be underutilized by OEMs due to lack of interest. However, he acknowledged there are populations of users that desire added security. “I guess there will be a need, in the right place.”
Seagate is marketing its drive as a means for organizations to meet compliance regulations such as the Health Insurance Portability and Accountability Act (HIPAA) in the U.S. In Canada, the technology would be most applicable to the Personal Information Protection and Electronic Documents Act (PIPEDA) which governs the way information belonging to private citizens is collected and utilized by organizations. It also governs the number of years that information can be kept on file.