Disk Drive Security

By Henry Newman

How many of you are using the FIPS-140-2 (Federal Information Processing Standards) based encryption that is available in most enterprise drives?

I bet the number is pretty low. Why? The disk drive vendors have had per disk drive encryption in hardware with no performance differences for a few years. So which vendors support this really useful feature? I know of very few that do. As with any other feature, if we do not demand it from the storage vendors, they are not going to do it.

The big issue, the way I see it, is key management. Managing keys for a few disk drives is pretty easy. Managing keys for hundreds or thousands of drives behind a RAID controller is difficult but still is a solvable problem

What are the storage controller vendors waiting for?

I want disk drive security so that when a disk is taken out of a system no data is readable from the drive. I want this for my medical records, and I want it for my financial records. I want to make it foolproof, and the FIPS-140-2 standard makes it fool proof.

We all need to start requesting and requiring where possible that all storage controllers support per drive key management so that this feature can be used. Using this feature means disk drives no longer have to be wiped when you change out storage systems. It means that no one can get sensitive data off of a drive. But it also means that you have need do a good job with key management, or you could potentially lose all of your data. Maybe that is the worry that the storage controller vendors have. I do not know what the issue is, but I want this feature.

This article was originally published on August 01, 2013