Native encryption will next year become a standard function on Seagate SATA, SAS and Fibre Channel disk drives destined for servers and disk arrays.
Seagate, which accounts for around two thirds of all disk drives used in servers and disk arrays, has already won commitments from IBM and LSI to exploit the feature in their gear.
Exactly as for the laptop drives, the encryption is very much internal: the enterprise drives will present servers and disk arrays with clear-text, unencrypted data. Seagate admits that this means the function will not protect data against hacking attacks, or against the unlikely event of the theft of entire servers or disk arrays.
But the feature will plug another major security gap, which occurs when old or obsolete disk drives are disposed of. Current methods of deleting data from drives before disposal include over-writing, de-gaussing or subjecting the drives to enormously strong magnetic fields, and physical destruction. According to Seagate, all are riddled with shortcomings and are either prohibitively expensive, unreliable or time-consuming.
Illuminata analyst John Webster said: “For large organizations, particularly financial ones, the question of disposal is very real. It’s not a trivial issue.”
Computer recycler and disposal service provider TechPro told Computer Business Review this summer that many companies are so concerned about losing sensitive data that they are hanging on to gear rather than putting it out with the trash.
“We know of banks that are renting storage space just to keep obsolete hardware. They’re literally mothballing the stuff,” said TechTurn CEO Richard Ziegler.
TechTurn said that drives containing corporate data are also showing up on eBay. “We see 72GB and 160GB SCSI and Fibre Channel drives up there. Those are coming out of corporations. People don’t run Fibre Channel drives in their garage,” Ziegler said.
But once Seagate’s encrypted drives have been removed from arrays or servers, the data on them will be rendered unreadable. And when disposing of entire servers, passwords or keys can be deleted to deliver the same effect without even removing drives.
In return for throw-away convenience, customers will have to suffer the overhead of managing encryption keys for the drives, and it remains to be seen whether they will see that as an acceptable trade. Seagate insists that once keys have been lost, data will be permanently lost, as there are no backdoors into the data.
“That’s the $1m question. It’s going to have to be a key management system that they feel comfortable with. Do you create a separate management and backup environment for encrypted data? The operational impact is not clear yet,” Webster said.
Enterprise Strategy Group analyst Jon Oltsik said: “Key management is fraught with operational, security, and auditing challenges. But given the privacy regulations, large organizations will have to head down this path one way or the other - using key management products or services.”
At the moment there are few standards by which devices that encrypt – such as Seagate’s drives – can talk to key management systems. A proposed IEEE standard called P1619.3 is expected to be ratified next year as the first effective standard. Seagate said its drives will support this standard.
Oltsik predicted that other disk drive makers will follow Seagate’s lead. “Seagate is just being first,” he said. What will the effect of that be on the suppliers of external, SAN bump-in-the-wire encryption devices such as Decru and NeoScale? Oltsik said that since over 95% of those companies’ business is related to tape, the effect will be minor.
Tape drives have already gained native encryption functions, and Decru and NeoScale are already planning to survive the obsolescence of their products by becoming suppliers of key management systems.