View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
January 30, 2009

Spec secures data at rest

End-to-end encryption in store?

By CBR Staff Writer

 

Encryption could soon become a standard feature in hard drives of all kinds, after an industry standards group and some heavy-hitting technology vendors agreed on common cryptographic standards for protecting data at rest.

Should the new standards be widely adopted as expected, disks would effectively be locked without the use of a password, and would require the use of a password before a system even starts. Encryption would be built-in at the firmware level and be completely transparent to users.

The Trusted Computing Group, whose members include Fujitsu, Hitachi, IBM, Seagate Technology, Samsung, Toshiba, Wave Systems and Western Digital among others, has announced three non-proprietary specifications. 

These outline encryption standards for secure storage in both PCs and servers. There is also a proposed standard for the SCSI and ATA protocols used by hard disks and other storage subsystems.

Adherence to the new Opal standard should ensure storage hardware manufacturers start to build some common security safeguards into their devices. These would protect the confidentiality of stored user data against unauthorised access once it leaves the owner’s control. The measures will also provide for some user definable features such as access control, locking ranges, or user passwords, etc.

As well as Opal, the Storage Interface Interactions specification details how all of the specifications interact with storage connections and interface specifications, including ATA, ATAPI, SCSI, Fibre Channel, and others. 

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

An Enterprise Security Subsystem Class specification takes aim at drives used in data centres and high-volume applications, where typically there is only minimum security configuration at installation.

Encryption is fast becoming a necessity for both data at rest and in transit. Its use looks increasingly likely to feature as part of an organisation’s information security policy, particularly to to protect confidential company and customer information and ensure compliance with laws like the Data Protection Act of 1998 in the UK. 

“Lost and stolen data costs industry and consumers hundreds of millions of dollars, not to mention loss of credibility, legal issues and lost productivity,” said Trusted Computing chair Robert Thibadeau.

Interestingly, encryption is not a requirement of the Payment Card Industry Data Security Standard. This is something businesses are now calling to be mandated.  Robert Carr, chief of the Heartland payments processing business that was hacked last year, has recently called for better industry cooperation and new operational procedures to prevent future data compromises, including industry wide, end-to-end encryption to fully protect sensitive financial data.

 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU