Seagate plans to offer drive-level FDE technology for data-at-rest applications beginning next year. It will be able to utilize the encryption key management system that IBM has been shipping with its TS1120 tape drive platforms for the past year. The data center disk encryption approach will be supported by multiple storage vendors, including LSI Logic, which also participated in Monday's announcement, providing a path for multisourced and compatible encryption platforms.
"Customers are well aware that their data is vulnerable, particularly as it leaves the data center for disposal, but to date there has not been a lot of encrypting of data on primary storage drives in the data center," Gianna DaGiau, product manager for Seagate, told InformationWeek. "We believe this is a significant step forward."
Data center administrators are finding strong motivation for encrypting data at rest, but at the same time many have been reluctant to implement drive-level encryption technologies due to concerns about loss of data if encryption keys are misplaced. Others have been waiting for greater standardization in the FDE market, she said.
The National Security Agency has made public statements in recent years that self-encrypting hard drives are a preferred strategy for encrypting data. Use of FDE can protect a business from liability in the event of data loss, as many states have enacted encryption safe harbor laws. Much of the emphasis on encryption has been centered on hard drives in laptop computers, which are highly vulnerable to theft or loss, but the security of data on drives within the data center will be the next step for encryption technology advancement, DaGiau said.
Data center disk drives are particularly vulnerable during the disposal process, and traditional methods of disposal "are riddled with shortcomings," DaGiau said. Formatting or deleting data can leave data that is still readable, over-writing can take hours or days, and shredding and degaussing are costly and time-consuming. Even the use of professional off-site disposal services can present the potential of drives being stolen or "falling off the truck."
"Data-at-rest encryption is an important topic in the industry," Abhi Talwalkar, president and CEO of LSI Logic, said in a statement. "The preferred implementation method is through encryption at the hard drive level. LSI is pleased to be working with other industry leaders and standards organizations to develop and deliver the most effective, standards-based encryption technology to the market."
The integration of IBM's Encryption Key Manager software protects users of FDE platforms from the potential of misplacing encryption keys by encrypting a key inside the drive itself. The management platform also provides capabilities for backup and synchronization, life cycle, audit, and long-term retention strategies, said David Vaughn, manager of worldwide marketing for IBM's systems storage group.
"Customers have to be convinced that the procedures are in place that will ensure they don't lose access to keys," Vaughn says. "With this platform we are leveraging something that we know works and it is something our customers are very comfortable working with."