All enterprise disk drives today support some type of encryption at the drive level, at least those from the big 3 vendors. But I’m not sure about some of the enterprise SSD vendors, though that’s not the point. I know of very few people using the full disk encryption for enterprise disk and SSD drives. So I asked myself the question why not?
After doing some research I think there is plenty of blame to go around. First, the big storage enclosure vendors do not seemingly want to add this feature. I am not sure why, but it seems that the interface to the hundreds or thousands of drives to manage is going to be difficult, especially if there are multiple drive vendors in the mix.
The second reason is that key management is a complex and difficult problem. If you lose the keys – or the key management system fails and is not backed up properly – you can have a really bad mess, like loss all of your data or not be able to add drives. Neither of which is good and likely the storage enclosure vendors do not want to have to deal with this. And rightly so, as it is complex and has the potential for some really bad consequences.
We have all read about used disk drives being sold on the open market with data like your SSN number or medical records still on the drive. This problem could be a thing of the past with encrypted drives, but it is not as easy as it might be for, say, your home computer or laptop. The world needs standard easy to use and easy to backup and restore key management solutions for disk drives – and it needs them integrated into storage controllers and it needs them now.