News
News
2/15/2006
08:18 PM
Connect Directly
RSS
E-Mail
50%
50%

Trusted Computing Standard Coming To The SAN--And The Sneakernet

Seagate has the first encrypted storage drive based on a new standard designed to make data breaches from stolen laptops less common.

Trusted Computing chips are already built into most new business PCs. At this week’s RSA Security show, the Trusted Computing Group unveiled a draft specification that will add a simplified version of the chip to storage devices, too. Intended mainly for hard disks and USB flash drives, it can be used for both and portable and networked storage.

Seagate Technology last year launched a laptop drive that automatically encrypted all data at wire speed. At the show, the company announced that this was based on the draft specification, which allows encryption keys to be transferred between drives and the Trusted Platform Module (TPM) chips in PCs.

No other companies have yet announced products compliant with the new trusted storage spec, but that's the promise from the Trusted Computing Group. “There’s a lot more to follow,” says Michael Willett, Seagate’s Director of Research. “Everyone in the storage industry is involved in this.” The group's membership roster includes more than 120 companies, of which 39 are participating in the storage effort.

The spec is still at a draft stage, and so far Seagate only makes one drive with full-disk encryption: the Momentus 400, available in capacities from 40 to 120 GB. But the company has big plans. “It will be everywhere,” says Willett. “We have this on our roadmap for our complete product range.”

The TPM can already encrypt data stored on a PC’s local hard disk, using software provided by the PC manufacturer or third parties such as Wave Systems. Microsoft has also said that this capability will be built into Windows Vista when running on a TPM-equipped PC, through a feature called Secure Startup. However, a standalone TPM limits the data to a single PC: the encryption key is stored on that PC’s security chip, so the encrypted drive is useless if removed.

The new trusted storage spec is more flexible, allowing data to be accessed from multiple PCs. It works by putting the encryption key on the storage device itself, but only decrypting data for PCs that can prove their identity using their TPMs. For example, a USB drive could be set to carry data between a person’s home and office machines, but not function when plugged into any other PC.

The spec is also aimed at storage networks, though this will require servers with TPMs. Those are relatively rare, because the main function of the TPM so far has been to encrypt data in case of loss or theft. Around 1 in 10 laptops are ultimately stolen, while servers sit safely inside locked datacenters, so laptops were a priority.

Still, full-drive encryption does have benefits on servers, even those that aren’t connected to storage networks. The most important is that it simplifies disposal of old equipment: A PC or drive can be sold or scrapped with less fear that dumpster divers will be able to access trade secrets or customers’ private data.

“IBM is already shipping some servers with a TPM,” says Clain Anderson, director of security and wireless at Lenova. “We expect to see them become a lot more widespread.”

Critics of Trusted Computing have long warned that it is really intended for consumer DRM, so trusted storage raises obvious fears. Because it requires that a simplified TPM chip travel alongside the encrypted data, it’s unlikely to be applied to media such as CDs and DVDs. However, it or a similar TCG spec for cell phones published last year could eventually be used by music, video or e-book download services to restrict content transferred to MP3 players and other portable gadgets.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek - July 21, 2014
Our new survey shows fed agencies focusing more on security, as they should, but they're still behind the times with cloud and overall innovation.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
In this special, sponsored radio episode we’ll look at some terms around converged infrastructures and talk about how they’ve been applied in the past. Then we’ll turn to the present to see what’s changing.
Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.