Securing your data: Full disk hardware encryption -- part 1

The best way to protect the data on a desktop or notebook system is to replace the existing drive with a solid-state drive featuring full disk encryption.
Written by Adrian Kingsley-Hughes, Senior Contributing Editor

Data loss is bad enough, but having that data fall into someone else's hands -- especially if they happen to be the wrong hands -- can be disastrous. While in an ideal we shouldn't be losing data in the first place, we should always hope for the best but plan for the worst.

Integral_SSD_001_smIn this, the first in a two-part series, I'm going to start by looking at how to protect data on desktop or notebooks PCs.

The best way to protect against data loss once a piece of hardware has left your possession is through the use of encryption. While countless software solutions -- free software solutions even -- exist for protecting the data stored on a desktop or notebook computer, I prefer to take a more holistic approach and replace the entire storage drive with a drive that offers hardware-based encryption.

I firmly believe that a hardware approach to encryption is a far better bet because a good hardware solution won't allow the end user a way to bypass it.

The easiest way to add hardware-based encryption to an existing desktop or notebook system is to replace the existing drive -- whether it be a hard drive or a solid-state drive -- with a solid-state drive featuring full disk encryption.

An excellent example of a drive that features built-in hardware encryption is the Integral Crypto SSD SATA drive. This drive is available in 32GB, 64GB, 128GB and 256GB and comes complete with a caddy to allow it to be fitted into a 3.5-inch bay.

The only requirements for you to be able to use this drive is that your PC uses SATA -- most PCs made in the past few years support SATA -- and tha it runs Windows XP, Windows Vista or Windows 7. This drive features AES 256-bit hardware encryption to allow you to encrypt and protect your sensitive data while at the same time getting the performance, reliability and power benefits of a solid state drive. Once encryption is set, a valid user name and password is required to access the Crypto SSD prior to system boot.

The Integral Crypto SSD is FIPS 197 validated and is an ideal drop-in replacement for a standard hard drive in a desktop computer or laptop. The Crypto SSD also makes use of "Master" and "User" dual passwords where an admin can set-up a user password along with a master override password. If the user forgets their password, the Crypto SSD can be unlocked by an admin and the user password can be reset. The drive also enforces that a high-strength 8-16 character alphanumeric password must be used, and there's even brute-force password attack protection where the encrypted data is automatically erased after the default six failed password attempts (you can modify this to a maximum of 20 attempts).

For use in an enterprise situation, the Crypto SSD is also compatible with endpoint security solutions by using the configurable unique ID feature, which is part of the drive's on-board software.

For added peace of mind the drive features an anti-clone feature that prevents it from being clones once the encryption is set.

Replacing an existing drive with a drive like the Crypto SSD isn't difficult. In fact, it's a simple three-step process, and Intgral outlines clearly what you need to do to get your drive working:

  • Clone the existing drive -- or make an image of the operating system and data -- prior to installing the Crypto SSD. If you are not looking to keep your old Windows install you can go ahead and install a fresh copy of Windows onto the Crypto SSD after it has been fitted in your laptop or desktop PC.
  • Pop the Crypto SSD into your laptop or desktop PC. I've installed the drive into a desktop and a notebook and it takes less than 5 minutes -- with practice you should be able to do the same.
  • Finally, run the "SSDLock" application -- which is supplied on a USB -- to set the encryption and specify usernames and passwords. Then you reboot the system.

And that's it.

Your system is now protected by full disk encryption and every time it is booted up a valid username and password is required to access the system. It's also quick to do, with the whole process -- including replacing the drive and copying over the image of the operating system -- taking me less than 30 minutes.

So far, I've tested the drive itself, along with the login feature, and the admin password recovery feature and everything works as expected. The drive is fast, silent and cool during operation.

I've also imputted the password incorrectly a few times and got the drive to wipe itself -- a process that it both fast and leaves no recoverable data on the drive.

All in all, the Integral Crypto SSD is an awesome drive and comes highly recommended.

Editorial standards