Storage devices get common crypto standard

Summary:A group of tech heavyweights has agreed to use three cryptographic standards for storage hardware in PCs and datacentres, with the promise of making management easier

A group of major technology companies has agreed on common cryptographic standards for protecting data on storage devices.

The Trusted Computing Group (TCG), whose members include IBM, Sun, Microsoft, Seagate, Intel and AMD, produced the non-proprietary standards to help combat data loss.

"Lost and stolen data costs industry and consumers hundreds of millions of dollars, not to mention loss of credibility, legal issues and lost productivity," said Robert Thibadeau, the chair of TCG's storage workgroup, in a statement. "TCG's approach to Trusted Storage gives vendors and users a transparent way to fully encrypt data in hardware without affecting performance, so that data is safe no matter what happens to the drive."

The group announced three specifications on Monday. The Opal Security Subsystem Class Specification is designed for PC clients, the Enterprise Security Subsystem Class Specification is for datacentre storage, while the Storage Interface Interactions Specification focuses on the interactions between these storage devices and underlying SCSI/ATA protocols. The use of these specifications in encrypting hardware should ensure there is interoperability across a range of machines from different vendors.

Security analyst Jon Collins from Freeform Dynamics welcomed the standards, saying they were "fantastic, a good idea".

"The great thing is that this is a standard rather than a proprietary mechanism," Collins told ZDNet UK. "It's bizarre that people don't encrypt devices, but half the problem is that they don't know whether they'll be able to decrypt the data again afterwards."

Part of the problem with proprietary standards, such as Microsoft's Bitlocker, is that they are system-specific, Collins said. A big advantage in having a standard is that devices become much easier to manage, he noted.

"With a standard you can centrally manage devices and keys," Collins said. "If devices and systems are easier to encrypt and manage, then more people will want to adopt encryption. It's a virtuous circle."

Topics: Security

About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues.Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books.Tom eventually found tha... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.