Top Ten Reasons to Buy Self-Encrypting Drives (SEDs)

Seagate introduced the first laptop hard drive with built-in encryption in 2007. Since then, the Trusted Computing Group (TCG) has defined an SED standard called Opal that has since paved the way for a wide-range of Opal-based SEDs from leading hard drive manufactures like Seagate and Hitachi, flash vendors like Micron and Samsung and external drive providers like CMS. PC vendors like Dell, HP and Lenovo offer these SEDs on a variety of systems, for little to no additional cost. Gartner estimates that in five years all drives will be hardware encrypted. What is an SED?

Why buy self encrypting drives?

#1: Compliance
Worldwide data protection laws and regulations continue to get more stringent on encryption, specify higher penalties, and require more rigorous compliance.

#2: Performance
SEDs have integrated encryption hardware, so the result: zero performance impact. For data intensive applications such as scans, backup, and large file operations, SEDs can provide more than double the drive performance of software FDE products.

#3: Stronger Security
Since the security of SEDs is independent of the operating system, then software attacks on the OS, BIOs, etc. are not effective against SEDs. SEDs are not vulnerable to attacks such as alternative boot approaches using CD or USB keys such as the Evil Maid attack; or memory attacks to discover encryption keys held in systems memory (example: Princeton Cold Boot attack)

#4: Integrated Authentication
User authentication is performed by the SED in order to unlock the drive. Authentication cannot be separated from the drive and is performed by a protected pre-boot OS, which is the only software in the system when authentication of the user is performed by the drive.

#5: Transparent to Software
SEDs operate at the hardware level making their encryption and authentication functions completely transparent to the system software, including the operating system.

#6: No Encryption Key Management Required
Encryption keys are generated in the SED controller and they never leave the drive. Thus, there is no requirement to backup, recover or store encryption keys, either locally or centrally.

#7: Ease of Use
With SEDs, users only have to authenticate to the drive at start up and then change passwords/credentials, as required. The result is that encryption is invisible to the user and the full system operates at performance with no impact on user productivity.

#8: Factory Integration
SEDs will typically be purchased as a feature in new platforms from PC OEMs, which is a benefit to users since: the SED is a system tested with all hardware and software; the encryption is always on; the PC OEM provides single point of support for platform and encryption solution and; the SED management software can be preloaded as part of factory image.

#9: Easy to Deploy
SEDs are always encrypting, therefore, when a drive is imaged, it’s immediately ready to use.

#10: Low Total Cost of Ownership
While even on acquisition costs, when comparing against full disk encryption, SEDs provide the lowest overall cost of ownership for an encryption solution in the areas of deployment, IT management, performance, user productivity and security/compliance.

About the Author

Lark Allen - Executive Vice President of Business Development, Wave Systems

Mr. Allen is responsible for Wave’s business and corporate development, specifically creating strategic technology relationships and evaluating opportunities that have potential to achieve Wave’s strategic goals. Additionally, Mr. Allen oversees the development of a core set of markets and strategies related to security products, thereby furthering the company’s competitive positioning.