Security

March 9, 2009 10:00 AM PDT

Government should lead transition to self-encrypting drives

by Jon Oltsik

I've recently written about a new standard published by the Trusted Computing Group (TCG) for self-encrypting drives. With this standard, Fujitsu, Hitachi, Seagate, Toshiba, and Western Digital are shipping or will soon ship self-encrypting hard drives for laptop computers. This in turn should prompt a transition, where users will opt for systems with self-encrypting drives rather than install encryption software utilities.

To me, this conversion is inevitable since hardware-based cryptographic processing tends to lead to superior security and performance while eliminating the muss and fuss around software procurement, installation, and maintenance.

Given these benefits, I believe that the U.S. federal government should make self-encrypting drives a new standard for all federal system purchases. This would not only enhance the security of private data on federal systems but also help jump-start this tech industry transition. This is a perfect opportunity for the federal government to take the lead because:

  1. Demand for encryption remains high. In 2006, the Office of Management and Budget instructed civilian agencies to put a plan together for laptop security within 45 days. Subsequent to this plan, agencies were supposed to encrypt all laptops. According to several estimates, somewhere between 50 percent and 60 percent of these laptops remain unprotected. If all new systems contain self-encrypting drives, federal agencies can focus their attention on a stop-gap plan for aging systems in the field.

  2. The federal government has programs and people in place. The Department of Defense and General Services Administration have already established a "Data at rest Tiger Team" to address this problem in the defense community. It is safe to assume that this team knows what's out there, which systems are still vulnerable, and which ones are up for replacement. Adding systems with self-encrypting drives could provide this team with a new tool to accelerate this effort.

  3. Self-encrypting drives could help secure the new Federal Desktop Core Configuration (FDCC). To improve security, federal officials are in the process of defining a set of FDCC guidelines for laptops and desktops. With self-encrypting drives, these systems will be secure upon delivery.

  4. The Defense Department is slim on procurement people. Just last week, a team of experts told a Senate committee that the Defense Department is constrained by a lack of procurement people. OK, so here's a thought. Wouldn't it be more efficient to purchase systems with self-encrypting drives once rather than purchase systems and then purchase software? Oh, and self-encrypting drives would also eliminate the systems integration burden.

I could go on and on, but I think I've made my point. The federal government could improve security, lead the industry, and lower costs by embracing self-encrypting drives for all new systems. This should be plenty of motivation for federal agencies such as the General Services Administration, the Department of Defense, and others in the Beltway to get busy.

March 4, 2009 10:06 AM PST

Self-encrypting drive standard gains momentum

by Jon Oltsik

I've long been a big proponent of self-encrypting drives as the best way to encrypt data-at-rest on PCs and storage systems.

This belief became a lot more real in January when the Trusted Computing Group published three storage encryption standards for laptops, enterprise storage, and software interoperability. Fujitsu, Hitachi, Seagate, and Toshiba support these standards and are already shipping self-encrypting drives.

In February, IBM joined the fray, further validating the self-encrypting drive standard. IBM announced that its massive DS8000 storage system will now offer self-encrypting drives to protect the confidentiality and integrity of data-at-rest. LSI, another leading storage system vendor, is also on board.

I have to believe that Fujitsu and Hitachi will soon follow this trend. Both companies currently offer encrypting storage systems that use a cryptographic processor resident in their storage controllers. Since both companies supply self-encrypting drives, it is likely that they will replace encrypting controllers with self-encrypting drives in future product revisions.

It seems to me that the dominoes are falling at an accelerating pace and that within two to three years, every device that ships with a hard drive or solid-state disk will offer self-encrypting drives. Chief information security officers, purchasing managers, management software vendors, and government agencies should plan for this inevitability.
