Security-storage device specifications finalized

According to the Privacy Rights Clearinghouse, since January 2005 there have been more than 252 millions records containing sensitive personal information compromised because of security breaches in the U.S.

Most of these breaches were because of the loss of computer equipment, more specifically the hard drive. When a laptop is stolen, chances are the information contained on its hard drive is worth a lot more than the value of the computer itself. And thousands of laptops are stolen each year.

For this reason, the Trusted Computing Group released Tuesday its final versions of three storage specifications designed to enable stronger data protection, including:

The Opal specification outlines minimum requirements for storage devices used in the PC client and enterprise markets. It outlines for vendors the required and optional TCG capabilities and specifies how to activate and customize the trusted storage device.

The Enterprise Security Subsystem Class Specification focuses on storage devices used in data centers and high-volume applications, where high performance is required. The specification defines encryption of data on media and enables support for strong access control to support organizational security.

Finally, the Storage Interface Interactions Specification specifies how the TCG's existing Storage Core Specifications interact with other specifications and standards for storage interfaces and transports. In short, it enables interoperability of trusted drives with existing hardware.

This is especially important as currently storage hardware vendors have already been using proprietary self-encrypting methods on hard drives. For example, Seagate uses Full-Disc encryption while Hitachi uses Bulk Data Encryption.

According to TCG, so far, most major storage vendors have announced their support, either fully or in part, to the group's new set of specification. These vendors include: Hitachi, Seagate, Toshiba, and Fujitsu.

[Laptop-Security]

This is a great step in the right direction. Standards are very helpful, especially as they enable interoperability. A hodge-podge of proprietary practices here only tends to slow down implementation by the vendors and adoption by the market. Meanwhile, much more data tends to be at risk, though thankfully good solutions already exist, such as MyLaptopGPS.com and TrueCrypt.org (though note again that hardware-level standardization is a great step forward).