Self-Encrypting Hard Drives and the New Security

In a recent blog post, CNet's Jon Oitsik has called for a policy shift with respect to data encryption. A new standard by the Trusted Computing Group promises the availability of self-encrypting hard drives soon, leading some to call for immediate adoption. Will this create even more security problems due to lazy custodians, or should someone responsible for keeping your information safe be required to move to the new hardware? Hopefully the new hardware comes with a warning to continue to use other data protection measures as well.

Multiple security layers

[leromarinvit]

An additional layer of encryption can't be bad. If it's a good implementation with no critical bugs and backdoors, great, you've just made it harder for someone to get your data. If it isn't, it's still no worse than storing plain text.

Just don't rely on this as your only security measure.

Re:Propriety Encryption

[hweimer]

Actually, this is about a new specification created by the Trusted Computing Group, so it's fairly open stuff. However, I fail to see how this actually solves any of the problems related to recent data breaches. If you lose your notebook with all your data the attacker also gets access to the Trusted Platform Module and can decrypt the disk. If you want to securely transport your data, this is horribly inconvenient as the whole point is to be able to access the data on different machines (which this tries to prevent).

My experience with encrypted media

[argent]

My experience with hardware encrypted media makes me doubt anything good will come of this technology.

We had a large number of encrypted thumb drives, at one point, and all of them died and needed to be reformatted in short order... they were simply more vulnerable to data loss when (for example) you pulled them "too soon". One vendor wouldn't even allow us to reformat them without sending them a signed letter from the CEO (on corporate letterhead) asking for the formatting utility, and then when we provided it we got no further response from them.

We turfed all the "secure" thumb drives no matter what manufacturer and went back to application layer encryption.

Re:Propriety Encryption

[Lumpy]

Some people say no but I have seen this in action.

We had secure laptops here with encryption and smartcard security. Bought all Dell 620's with built in smartcard slot.. all was peachy.

We tested our security. 9 out of 10 laptops had the smartcard in them in the bag. AND their pin access number was on the laptop somewhere. os the encryption and any login security was overridden by user failure.

Re:I want one with a removable key

[afidel]

Biometrics are actually pretty bad from a security perspective, they are a fact which means once exposed they cannot be changed to avoid further compromise. If a biometric system were perfectly implemented this wouldn't matter, but none of them are so it's best to just use a smartcard for the something you have portion.