Storage devices get common crypto standard

A group of tech heavyweights has agreed to use three cryptographic standards for storage hardware in PCs and datacentres, with the promise of making management easier
Written by Tom Espiner, Contributor

A group of major technology companies has agreed on common cryptographic standards for protecting data on storage devices.

The Trusted Computing Group (TCG), whose members include IBM, Sun, Microsoft, Seagate, Intel and AMD, produced the non-proprietary standards to help combat data loss.

"Lost and stolen data costs industry and consumers hundreds of millions of dollars, not to mention loss of credibility, legal issues and lost productivity," said Robert Thibadeau, the chair of TCG's storage workgroup, in a statement. "TCG's approach to Trusted Storage gives vendors and users a transparent way to fully encrypt data in hardware without affecting performance, so that data is safe no matter what happens to the drive."

The group announced three specifications on Monday. The Opal Security Subsystem Class Specification is designed for PC clients, the Enterprise Security Subsystem Class Specification is for datacentre storage, while the Storage Interface Interactions Specification focuses on the interactions between these storage devices and underlying SCSI/ATA protocols. The use of these specifications in encrypting hardware should ensure there is interoperability across a range of machines from different vendors.

Security analyst Jon Collins from Freeform Dynamics welcomed the standards, saying they were "fantastic, a good idea".

"The great thing is that this is a standard rather than a proprietary mechanism," Collins told ZDNet UK. "It's bizarre that people don't encrypt devices, but half the problem is that they don't know whether they'll be able to decrypt the data again afterwards."

Part of the problem with proprietary standards, such as Microsoft's Bitlocker, is that they are system-specific, Collins said. A big advantage in having a standard is that devices become much easier to manage, he noted.

"With a standard you can centrally manage devices and keys," Collins said. "If devices and systems are easier to encrypt and manage, then more people will want to adopt encryption. It's a virtuous circle."

Editorial standards