Keep Your Data Secure: Fighting Back With Flash


CONTENTS:
Executive Summary
Data Encryption: Ensuring Peace of Mind
Enhanced Encryption and Device Decommission in the Enterprise
Freeing Up IT Resources
The Micron Approach
Conclusion

Executive Summary

For enterprises of any size, data-at-rest protection remains a critical concern. Currently, with more corporate reliance on mobility and the use of portable devices (laptops, tablets, etc.), the definition of a data storage endpoint goes well beyond a traditional desktop. Such security is increasingly important for all sections of an enterprise, from the personal laptops and portable devices that employees use, to storage devices in the data center. The situation is compounded by the fact that today's data center is composed of recording media that had not been traditionally considered to be removable: hard drives, SSDs, other storage devices, even servers. All are becoming smaller in physical size, which is good for space and power efficiency, but adds portability, which can be a key concern. It's now easier than ever to lose sensitive business data.

These are important reasons why encryption of both stationary data and data-on-the-go should be part of the overall security strategy for any large company. In addition, the growing need of information security to comply with a number of federal and industry regulations cannot be overstated.

As corporate leaders adopt specific measures, they're benefiting from an important feature: the transition of the encryption workload from the CPU to the storage device. Security built into data storage hardware, such as a fully encrypted SSD, ensures a lack of performance degradation, compared to a similar SSD that does not encrypt data. In this white paper, we explore the benefits of hardware encryption for strengthening data security across the enterprise while freeing up IT to take on other important data center tasks.

Data Encryption: Ensuring Peace of Mind

As today's corporate workforce transitions from reliance on desktops to the increased flexibility of mobile computing, this very mobility threatens the safety of corporate data. Moreover, removable media and the increased portability of computers and storage devices have made data more vulnerable than ever to loss or theft. Firewalls, virus protection, security protocols, and software tools all offer key safeguards, but self-encrypting drives (SEDs) provide the last line of defense, protecting critical data stored at the endpoints.

AES (Advanced Encryption Standard) 256-bit encryption built into the storage hardware is the gold standard for keeping sensitive corporate data locked down and secure. A Self-Encrypting Drive (SED) means data is automatically encrypted and decrypted through an AES engine built directly into the SSD. Removing the encryption burden from the host computer, and moving the encryption workload off to the storage device, ensures that stored data receives the highest level of 256-bit encryption with absolutely no performance penalty. Moreover, verifiable protection protocols ensure that lost data is unreadable, no matter what happens to that device.

It's important to note the SED by itself is not the complete solution in protecting data at rest. Also necessary is encryption management software, which provides the interface to the device to enable encryption and allows only authenticated access to the device. These software packages enable strong authentication to protect against unauthorized access to a lost device. In addition, such encryption tools provide advanced capabilities to ensure data remains safe, no matter where a device is located. Centralized password backup and corporate-level access and authentication represent two additional capabilities to protect data.

Bringing such advanced features to market requires well-designed and widely accepted protocols and standards. As a globally recognized, not-for-profit organization, the Trusted Computing Group (TCG) is the body that brings these standards to the world. The goal of the TCG is to enhance the security of the computing environment in disparate computer platforms. TCG protocols for data storage devices can bring verifiable security to any business that stores sensitive data. Business-based content of all sorts can benefit, from employee-focused data and protected health information to corporate tax and financial records and reports.

The TCG maintains protocols that cover encryption and data protection across the full spectrum of computing environments, from endpoint and data processing to data transmission. However, the pertinent protocols specifically for data storage are the storage sub-system classes (SSC):

TCG SSC Opal: This protocol refers to mobile computing performed using laptops and tablets as well as to aspects of desktop computing. It effectively secures data at rest for powered-off or authentication-locked devices. The Opal protocol provides for pre-boot authentication, which enables authentication before the operating system boots, preventing any OS-level application from detecting or intercepting the authentication key or password.

TCG SSC Enterprise: This data security standard refers to storage devices used in servers, enterprise main storage and data centers, and other enterprise-class applications. It ensures that data at rest is protected through encryption, even in the event that physical security measures in the data center fail, and a storage device or system goes missing. As in the Opal SSC, the encryption key is generated by the SSD and can never leave the drive. This is especially important in enterprise-class computing, in that the resource-intensive key generation function is done automatically by the storage devices, alleviating a great burden from the IT team. The TCG Enterprise protocol enables enterprise-level security that is managed from a system console controlling a TCG Enterprise compliant RAID card or Host Bus Adapter (HBA).

Although the TCG Opal and Enterprise specifications were created in parallel over the last several years, TCG Enterprise has been more recent in implementation. TCG Opal has been considered more critical because of the immediate importance to protect mobile computers. Enterprise encryption, in general, has been widespread, but much of that encryption has been done by the host computing system.
The more recent introduction of SEDs within the enterprise represents a powerful and significant new storage security innovation.

Enhanced Encryption and Device Decommission in the Enterprise

As more end users rely on mobile computing, and as storage devices grow ever smaller, the risk of physically losing control of important data is obvious. Less obvious is the growing risk of losing control of data when a storage device is decommissioned. It's unfortunately common for data on devices from high-profile companies and government agencies to be inadequately deleted before the devices are disposed of, redeployed or even donated to charities like the local grade school. This lack of effective media sanitization has led to sensitive data being inadvertently released into the public domain.

For traditional rotating media, such as hard disk drives, the accepted methods of data destruction can be both costly and slow. The process can even involve physically grinding or drilling holes through media, necessitating the purchase or lease of expensive equipment, or farming out hardware destruction to other firms. On the other hand, SSDs, and SEDs in particular, enable data to be purged in a much more efficient, fast, and inexpensive method.

Cryptographic erase of SSDs is a process that simply changes the encryption key on the drive. The system administrator, once authenticated, can issue a simple command to start a process where a random number generator on board the SSD creates a new 256-bit encryption key, and securely erases the old key. Once completed, literally in a matter of seconds, all the data on the drive is effectively unreadable.

SSDs also provide the uniquely fast and efficient ability to securely erase or sanitize the drive, even if encryption is not available. While physically deleting the bits on a spinning hard drive can take many hours, for an SSD that process can be performed within minutes. This element of speed represents a key advantage of SSDs compared to traditional rotating devices. Crypto erase and the fast and easy sanitize process provide an enterprise with efficient and verifiable means to ensure that retired or redeployed devices don't take sensitive data with them.

Freeing Up IT Resources

SEDs, especially solid state SEDs, provide other advanced efficiencies when managing IT resources. On an SED, the encryption engine is always on, meaning that all the stored data is encrypted, regardless of whether authentication control has been enabled. This means that when these security features are enabled, there is no requirement for a long encryption process for data that has already been stored on the device. As a result, an IT department can rapidly image many devices, or quickly encrypt a few, and then move on to other important tasks.

As mentioned previously, the TCG Opal protocols, which allow remote access to lost computers through a console in the IT office, further alleviate the IT burden. For example, an IT manager can locate a notebook anywhere in the world, gain access, and wipe the drive to ensure data stays protected, or lock authentication to the device, such that an intruder is effectively unable to access sensitive data.

The Micron Approach

Micron Technology allows TCG SSC Opal and TCG SSC Enterprise compliant SEDs to meet all the data protection and security requirements of today's data-centric enterprise. Micron provides the ability to protect data in the event of hardware loss or theft, and guards against the intrusions that can result from that loss. Micron's SEDs implement verifiable data protection methods, following protocols that allow customers to know for certain that their data is protected, both at rest and after device decommissions.

Micron understands that sometimes these issues are so important that customers cannot simply rely on a company's assertion of effectiveness. For this reason, we have engaged third-party validation of our processes, ensuring that the supported Micron Sanitize commands, Sanitize Crypto Erase and Sanitize Block Erase, function as advertised. Micron has worked with Kroll Ontrack to achieve these certifications, gaining independent recognition from a well-known industry leader for Micron's encryption and sanitization methods and effectiveness.
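The always-on encryption and cryptographic erase behaviour described in the two sections above can be seen in a small model. This is an added example, not Micron's code or a real drive interface: ToySED and its methods are hypothetical, a SHA-256 keystream stands in for the drive's AES-256 engine, and wrapping the media key under a password-derived key is an assumption about how authentication is layered on top.

```python
import hashlib
import hmac
import secrets

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _engine(key: bytes, lba: int, data: bytes) -> bytes:
    """Toy stand-in for the drive's AES-256 engine (SHA-256 keystream, NOT AES)."""
    stream = b"".join(
        hashlib.sha256(key + lba.to_bytes(8, "big") + n.to_bytes(4, "big")).digest()
        for n in range(len(data) // 32 + 1))
    return _xor(data, stream)

class ToySED:
    """Hypothetical model of a self-encrypting drive; not a real drive interface."""
    def __init__(self):
        self.mek = secrets.token_bytes(32)  # 256-bit media key, generated on the drive
        self.media = {}                     # LBA -> ciphertext actually held in flash
        self.salt = self.wrapped = self.tag = None  # set once authentication is on

    def _kek(self, password: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password, self.salt, 50_000)

    def _key(self) -> bytes:
        if self.mek is None:
            raise PermissionError("drive is locked")
        return self.mek

    def write(self, lba: int, data: bytes) -> None:
        self.media[lba] = _engine(self._key(), lba, data)  # always encrypted

    def read(self, lba: int) -> bytes:
        return _engine(self._key(), lba, self.media[lba])

    def enable_authentication(self, password: bytes) -> None:
        # Only the 32-byte key is wrapped; stored ciphertext is left untouched.
        self.salt = secrets.token_bytes(16)
        kek = self._kek(password)
        self.wrapped = _xor(self.mek, kek)  # toy wrap (assumption), not a real key-wrap
        self.tag = hmac.new(kek, self.wrapped, "sha256").digest()

    def power_cycle(self) -> None:
        if self.wrapped is not None:
            self.mek = None                 # plaintext key is gone until unlock

    def unlock(self, password: bytes) -> bool:
        if self.wrapped is None:
            return True                     # authentication was never enabled
        kek = self._kek(password)
        if not hmac.compare_digest(hmac.new(kek, self.wrapped, "sha256").digest(), self.tag):
            return False
        self.mek = _xor(self.wrapped, kek)
        return True

    def crypto_erase(self) -> None:
        self._key()                         # administrator must be authenticated
        self.mek = secrets.token_bytes(32)  # new random key replaces the old one
        self.salt = self.wrapped = self.tag = None  # old wrapped copy destroyed too
```

In this model, enabling authentication and performing a crypto erase both leave `media` byte-for-byte unchanged; only the 32-byte key changes, which is why neither operation scales with drive capacity.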

Currently, the amount of data end users generate grows exponentially on a daily basis. Micron understands that the definition of a data storage endpoint goes well beyond a traditional computer or storage array. Micron is uniquely positioned to take advantage of the opportunity to offer comprehensive data-at-rest security with TCG encryption for client and enterprise SEDs.

Conclusion

When it comes to mobility in the enterprise, it's easy for a computer or storage device to move around, after hours or during business travel. More and more companies are recognizing the inherent risks of this mobility. The end users of data storage systems are searching for concrete steps they can take to secure their data storage and to gain peace of mind. These companies require assurance that their important, sensitive data moves through the world protected against loss or theft.

But mobile computing is not the end of the story. Today, much more data is being stored in the cloud, whether public or private. This has led to much higher attention paid to enterprise encryption. The advantage of moving the encryption workload to the storage device is becoming increasingly evident. C-level executives and IT professionals have a clear choice: SED adoption satisfies regulations and standards compliance, lowers the TCO, increases IT efficiency, and secures data while preventing data breach due to lost or stolen devices.

Micron is uniquely positioned to ease adoption with high-level expertise, advice, and support. To continue the conversation, contact us at SED@Micron.com or follow us at Micron Storage (www.micron.com/storageblog) and at @MicronStorage.

Micron products are warranted only to meet Micron's production data sheet specifications. Products and specifications are subject to change without notice. Micron and the Micron logo are trademarks of Micron Technology, Inc. TechTarget 2015