Making Data at Rest Encryption Easy

Similar documents
Seagate Instant Secure Erase Deployment Options

Perceptions about Self-Encrypting Drives: A Study of IT Practitioners

Solid-State Drives with Self-Encryption: Solidly Secure

Data Security Using TCG Self-Encrypting Drive Technology

Trusted Computing Basics: Self-Encrypting Drives

New Drive Technologies Enable Strong Data Protection Strategies: Managing Self-Encrypting Drives in the Enterprise

Seagate Secure Technology

Solid State Drives (SSD) with Self Encryption: Solidly Secure Michael Willett Storage Security Strategist Independent Consultant

SecureD Technical Overview

Samsung SED Security in Collaboration with Wave Systems

Advances in Storage Security Standards Jason Cox Intel Corporation

Frequently Asked Questions: EMC Isilon Data at Rest Encryption Solution

Security for Disk Drive Data at Rest Disk Drive Opportunities?

Encrypted SSDs: Self-Encryption Versus Software Solutions

XTREMIO DATA AT REST ENCRYPTION

Safeguarding Data Using Encryption. Matthew Scholl & Andrew Regenscheid Computer Security Division, ITL, NIST

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

Implementing Stored-Data Encryption (with a bias for self-encrypting drives) Presenter: Michael Willett SAMSUNG Author: Michael Willett, Samsung

Implementing Disk Encryption on System x Servers with IBM Security Key Lifecycle Manager Solution Guide

Technical Note. Installing Micron SEDs in Windows 8 and 10. Introduction. TN-FD-28: Installing Micron SEDs in Windows 8 and 10.

Intel RAID Premium Features

Kaspersky Lab s Full Disk Encryption Technology

Keep Your Data Secure: Fighting Back With Flash

Navigating Endpoint Encryption Technologies

QuickSpecs. SATA (Serial ATA) Hard Drives for HP Workstations. Introduction. SATA (Serial ATA) Hard Drives for HP Workstations.

Penetration Testing Windows Vista TM BitLocker TM

Cloud & Security. Dr Debabrata Nayak Debu.nayak@huawei.com

Bypassing Self- Encrypting Drives (SED) in Enterprise Environments. Daniel Boteanu Kevvie Fowler November 12 th, 2015

Consumerization of Trusted Computing. Dr. Michael Willett Samsung

Dell Compellent 6.5 SED Reference Architecture and Best Practices

Intel RAID Controller Premium Feature Key Training

BBM Protected: Secure enterprise- GrAde MoBIle MeSSAGING

Factory-Installed, Standards-Based Hardware Security. Steven K. Sprague President & CEO, Wave Systems Corp.

Full Disk Encryption Drives & Management Software. The Ultimate Security Solution For Data At Rest

Self-Encrypting Hard Disk Drives in the Data Center

Encrypted Storage: Self-Encryption versus Software Solutions. Dr. Michael Willett Storage Security Strategist

Protecting Your Business from Costly Data Theft: Why Hardware-Based Encryption Is the Answer

Enova X-Wall LX Frequently Asked Questions

DATA BREACH LAW UPDATE Global Trends Legal Complexities

Global security intelligence. YoUR DAtA UnDeR siege: DeFenD it with encryption. #enterprisesec kaspersky.com/enterprise

Efficient Key Management for Oracle Database 11g Release 2 Using Hardware Security Modules

Centrally Managing Access to Self-Encrypting Drives in Lenovo System x Servers

Functional diagram: Secure encrypted data. totally encrypted. XOR encryption. RFID token. fingerprint reader. 128 bit AES in ECB mode Security HDD

Hardware versus Software

Addressing the Data Protection Requirements of the HITECH Act

RSA Solution Brief RSA. Encryption and Key Management Suite. RSA Solution Brief

EmulexSecure 8Gb/s HBA Architecture Frequently Asked Questions

An examination of information security issues, methods and securing data with LTO-4 tape drive encryption Introduction

Self-encrypting drives (SED): helping prevent data loss, theft, and misplacement

HP ProtectTools Embedded Security Guide

Self-Encrypting Drives for Servers, NAS and SAN Arrays

ACER ProShield. Table of Contents

EMC VMAX3 DATA AT REST ENCRYPTION

Using BitLocker As Part Of A Customer Data Protection Program: Part 1

Disk Encryption. Aaron Howard IT Security Office

Hardening Private Keys with Less Hassle, Less Cost and More Security: A Case Study in Authentication. An InformationWeek Webcast Sponsored by

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

Mobile Device Security and Encryption Standard and Guidelines

Practical Storage Security With Key Management. Russ Fellows, Evaluator Group

Solid Security: The Rise of Self-Encrypting. Solid State Drives. Thomas Coughlin

Approved By: Agency Name Management

Secure SSL, Fast SSL

BBM Protected Secure mobile

The Encryption Technology of Automatic Teller Machine Networks

Full Drive Encryption Security Problem Definition - Encryption Engine

Technical Safeguards is the third area of safeguard defined by the HIPAA Security Rule. The technical safeguards are intended to create policies and

YOUR DATA UNDER SIEGE. DEFEND IT WITH ENCRYPTION.

U.S. Federal Information Processing Standard (FIPS) and Secure File Transfer

Research Information Security Guideline

Encryption. From the Real World

Removing the complexity from information protection

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012

Commercially Proven Trusted Computing Solutions RSA 2010

Key Management Best Practices

Encryption Key Management for Microsoft SQL Server 2008/2014

Innovations in Digital Signature. Rethinking Digital Signatures

Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February

More Expenses. Only this time the Telegraph will have to pay them after their recent data breech

MySQL Security: Best Practices

Aegis Padlock for business

Alliance AES Key Management

EMC Symmetrix Data at Rest Encryption

How Cloud Computing Can Accelerate Endpoint Encryption:

Securing Data on Portable Media.

Securing Corporate Data and Making Life Easier for the IT Admin Benefits of Pre Boot Network Authentication Technology

Data Protection: From PKI to Virtualization & Cloud

Opal SSDs Integrated with TPMs

Healthcare Compliance Solutions

TOP FIVE RECOMMENDATIONS FOR ENCRYPTING LAPTOP DATA A BEST PRACTICES GUIDE

TPM. (Trusted Platform Module) Installation Guide V for Windows Vista

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story

Endpoint Security for Mobile Devices NIST/OCR HIPAA Security Rule Conference June 6, David Shepherd, CISSP

Security Overview for Windows Vista. Bob McCoy, MCSE, CISSP/ISSAP Technical Account Manager Microsoft Corporation

A Comprehensive Plan to Simplify Endpoint Encryption

TPM. (Trusted Platform Module) Installation Guide V2.1

White paper Security Solutions Advanced Theft Protection (ATP) Notebooks

Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud

Transcription:

Making Data at Rest Encryption Easy MM/DD/YYYY Jason Cox Client Security Products Lead Seagate Technology

What is SED? Self Encrypting Drive Basics The storage device LOCKS when it powers OFF. The storage device remains LOCKED when it is powered back ON. Authentication UNLOCKS the storage device. The storage device Reads and Writes data normally while drive is unlocked The plaintext data sent to the device is encrypted before being written The encrypted data read from the device is decrypted before being returned Benefits Always encrypting at line speed (no performance impact) Auto locking on power off Retirement, disposal, end of life Authentication Key Management Service Write Read Here is the unencrypted text P%k5t$ @sg!7#x1) #&% 100% performance encryption engine in the drive 2

Needs & Solutions Customer Needs SED Solutions Government-Grade Security FIPS 140-2 Certified SED FIPS Drives Data-At-Rest Protection TCG-Compliant Security Requires TCG Host Controller & Key Management System SED Drives Easy Disposal & Repurposing Instant Secure Erase Quick & Simple Data Encryption Key Erasure Crypto-Erase & Sanitize Features Security Foundation 3

Why SEDs? There s stuff on your laptop that has value, and makes loss/theft costly to you or your company. It costs you or your company time or money to replace time or money to do damage control. Your company could lose business. You could lose your job, or have your identity stolen. PLUS, regulatory compliance requirements! ie HIPAA, other new data privacy and breach notification legislation in the US and abroad 4

Types of Information What is this stuff? Personal (important to you): Identifying info, banking info, browser histories (banks, social networking sites, etc.), cookies, cached account names/passwords, other auto-fill form info, personal email Corporate (important to your company): product road maps, product schematics, design documents, customer and supplier info, email, employee records, consumer data, source code What about on a drive in a data center? All of the above and possibly way more. 5

Cost Is this really something to worry about? IBM estimates that 50,000 drives are retired from data centers daily 1 90% of drives returned for warranty contain readable data 1 Companies are generating more data Accessed by or stored on more devices Data Loss is expensive Data breaches cost more than $6M on average per incident 2 Lost/stolen laptops and mobile data-bearing devices cost $258 per record 2 (20% more per record than a general data breach) Average consumer out-of-pocket cost due to identity fraud increased to $631 per incident 3 1 http://www.redbooks.ibm.com/abstracts/tips0761.html 2 2010 Annual Cost of a Data Breach: US Study, Ponemon Institute (sponsored by Symantec), March 2011 3 http://bucks.blogs.nytimes.com/2011/02/09/the-rising-cost-of-identity-theft-for-consumers/ 6

End of Life Cryptographic Erase What do you do about the stuff when you re done with it? Overwrite Degauss Physical destruction SEDs provide for near-instantaneous cryptographic erase Destroying the media encryption key makes the encrypted data unrecoverable Near instantaneous Can affect retired or otherwise unreachable portions of the storage device 7

In The Time It Takes To Process This Slide The Information on Eight 3.0TB Hard Drives Could Have Been Cryptographically Erased 8

Standards Storage Interfaces: Incits Technical Committees T10 SCSI Storage Interfaces T13 AT Attachment (ATA) Security Subsystem Management: Trusted Computing Group Specifications Trusted Storage Core Specification Storage Interface Interactions Opal SSC Enterprise SSC Security Assurance: Federal Information Processing Standards (FIPS) FIPS 197 Advanced Encryption Standard FIPS 140-2 Security Requirements for Cryptographic Modules 9

Benefits of Standards Simplifies Procurement Cross-vendor compatibility Standard interface Simplifies Software Development Common capabilities Common interface Assurance of security capabilities NIST/FIPS validated security functionality Standardization is the process of developing and implementing technical standards. The goals of standardization can be to help with compatibility, interoperability, safety, repeatability, or quality. -Wikipedia, Standardization 10

TCG Storage Specifications General Documents Core Spec SIIS T10 (SCSI) T10 (ATA) Specific Documents Opal SSC Enterprise SSC Supporting Documents Opal App Note Enterprise App Note 11

SSC Overviews Opal Main Motivation Provide a solution to address current market needs: Stolen/lost laptop data leakage. End of life / disposal. Features Simple PIN-based authentication. Provide encryption and locking. Pre-OS boot authentication mechanisms. Enterprise Main Motivation Provide a solution to address current market needs: Minimize the time to bring devices online in a data center environment. Protect confidentiality of stored user data after device leaves owner s control End of life / disposal Features Simple PIN-based authentication. Provide encryption and locking 12

FIPS 140-2 Government Grade Security Joint Effort Between NIST & CSEC FIPS 140-2 is the Current Standard Segmented Into 4 Levels (Level 2 is Tamper Evident Physical Security) Accepted by Federal Agencies for the Protection of Sensitive Information Cryptography Must Be FIPS Validated Unvalidated Cryptography Viewed as No Protection Plain Text by Federal Agencies 13

What are the Benefits of FIPS? Generates New Business Opportunity / Expanded Markets Government, Health Care, Finance, etc. Product Testing Conducted in a Rigorous & Standard Manner Accepted / Validated Cryptographic Algorithms & Best Security Practices 14

Benefits of Standards (Revisited) Simplifies Procurement Cross-vendor compatibility Standard interface Simplifies Software Development Common capabilities Common interface Assurance of security capabilities NIST/FIPS validated security functionality Standardization is the process of developing and implementing technical standards. The goals of standardization can be to help with compatibility, interoperability, safety, repeatability, or quality. -Wikipedia, Standardization 15

IT Deployment Drive is Manufactured (and encrypting from the factory) Ships to OEM OEM configures system Ships to end user IT installs corporate OS image IT installs security management software* Software detects Opal SED Software installation activates SED functionality Software installs MBR shadow (pre-os boot authentication) Software configures authentication and locking ranges Including SW-managed TPM integration SECURITY IS NOW ENABLED DRIVE WILL LOCK ON POWER LOSS IF THE DRIVE IS STOLEN, THE DATA IS PROTECTED AT END OF LIFE, DRIVE CAN BE REPURPOSED WITH SECURE ERASE *This could be part of the OS, rather than a separate software application 16

In the Data Center Drive is Manufactured (and encrypting from the factory) Ships to OEM OEM integrates into SED management storage system Ships to customer SysAdmin installs new volume / storage system in data center SysAdmin initializes new system (authentication key, locking configurations) SECURITY IS NOW ENABLED DRIVE WILL LOCK ON POWER LOSS IF THE DRIVE IS LOST OR STOLEN, THE DATA IS PROTECTED AT END OF LIFE, DRIVE CAN BE REPURPOSED WITH SECURE ERASE 17

End of Life (Revisited) Need to Easily Refurbish / Repurpose Drives? Solution Cryptographic Erase Performs Instant Secure Erase Authentication Keys Return to Default Settings Benefits Instantaneous Erase For Secure Disposal Instantaneous Global Reset to Repurpose Drive to Default Settings 18

Conclusion Standardized solutions Interoperable Scalable Transparent Multiple vendor support (hardware and software) Ease of integration IT Policy: all future drive purchases to be SEDs Protect data throughout storage device life cycle Reduce disposal costs 19

Questions? 20

Thank You! Thanks to contributors and attendees! 21

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information