Self-encrypted drives set to become standard fare

We’ve seen this coming over time: Based on the Trusted Computing Group’s standard, hard drives and solid state drives (SSD), are offering self-encryption built-in. The key difference with these next-generation encrypted drives is that these units have the encryption integrated into a single chip on drive in the drive.

Securing data storage is especially important for small businesses, due to legal specifications that require companies to report breaches, and to maintain data for long periods of time for accountability purposes.

More than 45 states have data privacy laws with encryption safe harbors. In 2008, the average cost of notification regarding a data breach was $6.65 million per incident.

That adds up fast if a flash drive with company personnel and salary data is compromised, for example. At the Storage Visions 2011 conference here in Las Vegas, another stat thrown around that’s gives pause: Since 2005, over 345,124,400 records containing sensitive personal information have been involved in security breaches.

One of the advantages to the single-chip, no-software approach now in place: There’s no performance degradation. It’s also safer; the encryption keys are generated within the drive, so there are no keys to lose. The keys never leave the drive.

What is a self-encrypted hard drive? The drive itself protects the data, with either 128-bit or 256-bit AES keys that are stored in the drive itself.

“Technically, it’s a self-protecting device,” says Robert Thibadeau, senior vice president and chief scientist at Wave Systems, and a representative for the Trusted Computing Group, which oversees the technical specification for self-encrypting hard drives.

There’s the media encryption key that encrypts the data, and the authentication key that is used to unlock the drive and decrypt the media encryption key. Without the authentication key, there is no media encryption key in the drive at all. You create the password, then the only way to get back onto the drive–and to the data that’s on the drive–is with the password (or passwords) you set up.

Full-disk encryption can refer to software or hardware encryption, whereas self-encrypted hard drives are just hardware encryption. Microsoft coined the term full-disk encryption, but that term became confused with the encryption done by software like Bitlocker. Initially there was a premium, but at this point there’s little to no premium for buying one. Every drive maker makes self-encrypting drives.

In a few years, predicts Thibadeau, you’ll be buying a self-encrypting drive and you won’t even realize it-because it will be so pervasive. “The encryption just works, it doesn’t impact you.”

Samsung just introduced at CES it’s a 256-bit self-encrypted series of USB 3.0 hard drives. The drives include three new external drives, in 1TB, 1.5TB, and 2TB. The drives come with Samsung’s auto-backup software, and Samsung SecretZone for creating a secure virtual drive, and SafetyKey for setting up passwords and encrypted data backup. The drives are due in April; prices to be announced.

Check out our complete coverage of CES 2011.