The self-encrypting drive you may already own
I'm at the pre-CES Storage Visions conference in Las Vegas. A panel on self-encrypting drives (SED) and additional discussion schooled me on just how widely available - and unknown - SEDs are.
SEDs have several advantages over host-based software encryption.
- No key mgmt
- No additional life cycle cost
- No disposal cost
- No performance impact
- Standardized
- Looks like a regular drive - no app changes needed
Even better, in many jurisdictions, drive encryption is a "safe harbor" against mandatory data breach notifications. If you lose an SED notebook loaded with sensitive medical data, you may not have to go to the expense and embarrassment of notifying patients of the loss.
But where do you find these magical SEDs? Most new WD external drives and many of their internal drives have SED built-in - at no extra cost. Supported external drives include:
- My Passport
- My Passport Edge
- My Passport Air
- My Passport Studio
- My Passport Ultra
- My Book (USB 3.0)
- My Book Studio (USB 3.0)
By default the encryption is turned on, but there is no password unless you put one in using WD Security software. For good reason: if you lose your password your data is gone. Forever. There is NO recovery.
But if you want to use it, download and install WD Security software and put in a password. You can choose to enable auto-unlocking from your PC.
The Storage Bits take
Encrypted data as near as your recent WD external drive? Believe it.
But also take responsibility. If you encrypt your drive the fate of your data rests squarely on you. Don't screw up.
Comments welcome, as always. I asked what backdoor had been put in to meet NSA requirements. A guy from the standards committee said they'd rejected an FBI request for one. A security consultant said you should assume a backdoor is always there. What do you think?