The self-encrypting drive you may already own

Summary: Wondering how to keep sensitive data safe? You may already own a self-encrypting drive - with free, built-in 256-bit encryption - and not even know it. Here's the scoop.


I'm at the pre-CES Storage Visions conference in Las Vegas. A panel on self-encrypting drives (SEDs) and additional discussion schooled me on just how widely available - and unknown - SEDs are.


SEDs have several advantages over host-based software encryption.

  • No key management
  • No additional life cycle cost
  • No disposal cost
  • No performance impact
  • Standardized
  • Looks like a regular drive - no app changes needed


Even better, in many jurisdictions, drive encryption is a "safe harbor" against mandatory data breach notifications. If you lose an SED notebook loaded with sensitive medical data, you may not have to go to the expense and embarrassment of notifying patients of the loss.


But where do you find these magical SEDs? Most new WD external drives and many of their internal drives have SED built in - at no extra cost. Supported external drives include:

  • My Passport
  • My Passport Edge
  • My Passport Air
  • My Passport Studio
  • My Passport Ultra
  • My Book (USB 3.0)
  • My Book Studio (USB 3.0)


By default the encryption is turned on, but there is no password unless you set one using WD Security software. For good reason: if you lose your password, your data is gone. Forever. There is NO recovery.


But if you want to use it, download and install WD Security software and put in a password. You can choose to enable auto-unlocking from your PC.


The Storage Bits take

Encrypted data as near as your recent WD external drive? Believe it.


But also take responsibility. If you encrypt your drive, the fate of your data rests squarely on you. Don't screw up.


Comments welcome, as always. I asked what backdoor had been put in to meet NSA requirements. A guy from the standards committee said they'd rejected an FBI request for one. A security consultant said you should assume a backdoor is always there. What do you think?

Topics: Storage, Hardware, Security

  • Can one trust it to be stable?

    A lot of drivers and third party software by hardware vendors are, frankly, crap.

    They invest just enough resources to satisfy minimum requirements. Any extra resources they have go to branding and silly skins on their software.

    Because heaven help them if they actually make their drivers look like a regular Windows app. Who knows what could happen if you don't put a silly skin on your drivers? It could explode. #sarcasm

    I'd rather they invest time and money towards debugging.

    . . . I think I'll stick to TrueCrypt if I want an encrypted drive.
    • Stability should be good

      Why? Because the SED is completely self-contained - there is no driver or external software - other than the app used to create a password. The drive looks like a standard drive to the system as the encryption starts after the data arrives at the drive.

      R Harris
      • Being self-contained does not mean being bug free . . .

        . . . learned that when I used motherboard-based RAID once. The controller on the motherboard wasn't entirely stable.

        . . . and the password has to be set somehow . . .
  • Never trust binary only software ...

    "WD Security software": only Windows/Mac binaries; WD firmware: binaries ...
    Only open-source software can provide secure encryption. Never trust binary only software.

    "if you lose your password your data is gone. Forever. There is NO recovery.":
    Ask the NSA to recover your data ...

    Like CobraA1 I stick to TrueCrypt
  • WD drive encryption

    Which is precisely why a while back when I was looking into what kind of external drives to use for all my photos, I decided against WD. I needed to clear up space on my internal drive, and I was getting more into photography, so did some research. I decided against one common brand used a lot by professionals because there were some quality control issues with their transformers, which made me look into how easy it would be to recover the data if the controller or power brick died. A forum for data recoverers was very enlightening and somewhat frightening in regards to all WD drives, since they all have an encryption chip which encrypts everything whether you set a password or not. In other words, if something goes wrong but the hard drive is ok, your only chance of recovery is to source an identical replacement part and revive the drive, or put the drive into the exact same model case, since an older or newer controller won't be able to read the drive. I was able to confirm this when the controller of a friend's drive died, and ripping the controller from another WD drive of the same name (WD Essentials) didn't work because it had a newer controller and different encryption chip. So I had to buy a controller from eBay with the exact same part number. That worked, and their photos were recovered.
    For all my backups, I use Seagates without any encryption, which means I can put the drive into any dock and read it, and not rely on being able to source a discontinued model drive controller from eBay.
    Of course these are desk drives, not portable drives which might be lost or stolen, nor do they have sensitive information on them. But it is worth knowing if your only copy of photos or data is on a WD external drive, make sure you back up that drive onto a second drive, because without a specific encryption chip, your data is toast.
    • Great reason to back up!

      Anyone who keeps valued data in a single place - other than an M-disc in a safe deposit box - is asking for data loss, which has nothing to do with encryption.

      Encryption makes recovery more challenging, as you noted, but backing up is the answer, not avoiding SEDs. LOCKSS: Lots Of Copies Keeps Stuff Safe!

      R Harris
  • I'd plan on there being a back door

    but not really care because they have to get the physical drive for it to be helpful, and besides, I don't store anything that I really worry about.

    On the WD drives, if the encryption is disabled, does the read/write speed pick up somewhat? I would hope so, and that it can be disabled, because I have dealt with hardware screw-ups making data unreadable before, and it is not fun.