In-Depth
Storage Security Part V: Disk Encryption
Seagate’s announcement of Momentus drives with DriveTrust technology holds promise for enabling IT to secure data at rest
The encryption of backup tapes has been the focal point of industry and press banter about the need for specialized storage security. However, the truth is that as much disk-based data has been inadvertently disclosed as tape-based data.
Already under attack from disk array manufacturers, supported by analyst reports stating that tape media is unreliable for any purpose, tape vendors also confront highly publicized criticisms of the vulnerability of the tape backup process itself—including manual tasks such as media management and the transportation of written media to offsite storage. Despite the many media- and tape automation-based encryption improvements of the past three years (see last week’s column), the “tape is dead” crowd continues to strive to make tape the whipping boy of storage security.
A couple of weeks ago, a friend of mine in the used-equipment business called me to ask how he should handle an issue of data security involving disk rather than tape. A financial company was retiring some of its older arrays and offering them to his company for subsequent refit and resale on a growing used-equipment market. Upon receipt, my friend discovered that the disk drives in the array were still populated with personal data about employees and customers. He decided against accepting the gear after being told by the seller that he could wipe the data off the disks himself.
Such a cavalier attitude toward the disposal of disks containing potentially sensitive data accounts for some of the growing record of disclosure events today. Arguably, no amount of security technology can shore up what are simply poor business practices.
Add to the issue of insecure disk disposal the number of misplaced, lost, or stolen laptops containing private financial and business information on internal disk drives that are themselves growing in capacity every couple of months. It is not uncommon to enter a Fortune 500 environment where data-protection measures, including disaster recovery and data security, have not been applied to the terabytes of storage that exist in mobile computing devices. When a laptop containing a customer database is stolen at an airport, hotel, or conference event, there is no telling what will happen to the data on the drive—and often no clear idea of what data the drive contained.
Laptop Drives Vulnerable
A recent survey by Credant Technologies offers insights into the situation. Polling 426 respondents, primarily from IT, representing CEOs, CIOs, vice presidents, directors, and staff in high-tech, finance, health-care, government, and manufacturing industries, Credant found that 72 percent of respondents believed encryption is required to comply with data privacy regulations, but less than 20 percent of companies sampled encrypt the data stored on laptops and other mobile devices. Moreover, 88 percent of respondents reported that they knew sensitive data is stored on mobile devices and almost 62 percent stated that up to 25,000 accounts/records would be exposed in a breach.
Despite the small size of the polling sample, the survey suggested that companies are aware of the vulnerability of data on mobile computing devices but have been sluggish to do anything about it. In general, on-drive laptop encryption has met with mixed approval. War stories abound of PC crypto software running afoul of patches and upgrades and resulting in the inaccessibility of all data on the local drive even to those with permission to access the data.
Seagate began addressing the problem of disk-media security last October. In March the company announced products based on its on-drive encryption technology called DriveTrust. According to company spokespeople, Seagate’s Momentus 5400 FDE.2 (Full Disc Encryption) hard drive features perpendicular recording technology to deliver up to 160GB of capacity, a fast Serial ATA interface, hardware-based AES encryption, and a government-grade security protocol used to encrypt all hard drive information transparently and automatically, preventing unauthorized access to data on lost or stolen laptops.
“The encrypting hard drive,” says Seagate, “also gives organizations an easy way to repurpose or retire laptops without compromising sensitive information and to comply with the growing number of data privacy laws calling for the protection of consumer information using government-grade encryption.”
Elements of DriveTrust
According to the company, DriveTrust technology actually uses four technologies: enhanced firmware, trusted send/receive, secure partitions, and issuance protocol. Together these elements create a secure storage solution that can be leveraged by independent software developers, via a software development kit, to assist in developing DriveTrust-enabled applications.
Breaking down the elements of DriveTrust, the first component is firmware, the software that runs on the drive’s internal computer. Disk firmware is normally used to manage extremely complex drive functions such as moving the read/write heads, tracking bad sectors on the disc, and storing bitmaps of data locations. DriveTrust technology adds security code to drive firmware, which is “optimized on the drive’s computing resources.” Specifically, DriveTrust technology implements a cryptographic service provider on the drive, including encryption, hashing, secure storage, decryption, digital signature, and random number generating functions.
The second element, trusted send/receive, refers to the extension of ATA and SCSI interface command sets to include new “trusted send/receive (in/out)” commands. Seagate’s specification, implemented on its DriveTrust-enabled disks, was designed in collaboration with the standards bodies that define ATA and SCSI interfaces.
DriveTrust also implements a strategy of secure partitions. According to the vendor, a 200 GB hard drive reserves roughly 200 MB for internal system memory. DriveTrust technology uses this space to create secure partitions that are both logically and physically separated from the rest of the drive memory, with strong conditional access controls—providing a location to store cryptographic keys. DriveTrust-equipped drives can make these secure partitions exclusively available to applications that present the proper credentials. Software developers, says the company, can use this capability to build strong authentication functions into their applications.
Finally, Seagate touts an “issuance protocol” as part of its DriveTrust technology. Using this technology, software applications, basic input/output systems, and other programs can be made to interoperate with a DriveTrust-equipped drive through strictly controlled communication channels. Developers can write applications and have them assigned to a secure partition in the drive through the issuance protocol. Anytime the application attempts to access those secure resources, it must present its credentials—given under the issuance protocol—to the administrator function in the drive. The administrator function authenticates the application, activates the appropriate secure partition, and thus allows the application to interact with the secure partition through the trusted send/receive command set specification.
First Implementations
Seagate’s announcement of Momentus drives with DriveTrust technology was made in concert with an announcement that ASI Computers, a leading channel provider of laptop PCs, had adapted the drive into its next-generation laptop product, the ASI C8015 whitebook system. For additional security, the ASI C8015, which began shipping in April, features a biometric fingerprint reader for stronger user authentication. ASI targets health care, legal, finance, government, and other industries requiring strong protection of information stored on laptop PCs.
In addition to the Seagate Full Encryption Momentus drive, ASI integrates software from Wave Systems: Embassy Security Center Trusted Drive Manager. This software is used to set up and configure the Momentus 5400 FDE.2 drive and provides convenient access for administrators and users to create and back up passwords, and for administrators to control hard drive policies and security settings. The software also leverages Seagate’s DriveTrust Technology to allow administrators to instantly and easily erase all data cryptographically so the drive can be safely redeployed or discarded.
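Why a cryptographic erase can be instant is easier to see in a small model. The Python sketch below is an added illustration, not Seagate or Wave Systems code: the names ModelSED, MEK (media encryption key) and KEK (password-derived key) are assumptions, and a SHA-256 counter-mode keystream stands in for the drive's hardware AES.

```python
import hashlib, hmac, os

SECTOR = 512

def _keystream(key: bytes, lba: int, n: int) -> bytes:
    # Stand-in for hardware AES (assumption): SHA-256 in counter mode per sector.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + lba.to_bytes(8, "big") + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class ModelSED:
    """Toy self-encrypting drive: the platters only ever hold ciphertext."""
    def __init__(self, password: str):
        self.platters = {}                  # lba -> ciphertext sector
        self._salt = os.urandom(16)
        self._new_mek(password)

    def _kek(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def _new_mek(self, password: str) -> None:
        kek = self._kek(password)
        # The MEK exists only wrapped under the KEK, in the drive's protected area.
        self._wrapped = _xor(os.urandom(32), _keystream(kek, 0, 32))
        self._check = hmac.new(kek, b"verify", "sha256").digest()

    def _unlock(self, password: str) -> bytes:
        kek = self._kek(password)
        tag = hmac.new(kek, b"verify", "sha256").digest()
        if not hmac.compare_digest(self._check, tag):
            raise PermissionError("bad credentials")
        return _xor(self._wrapped, _keystream(kek, 0, 32))

    def write(self, password: str, lba: int, data: bytes) -> None:
        mek = self._unlock(password)
        self.platters[lba] = _xor(data.ljust(SECTOR, b"\0"), _keystream(mek, lba, SECTOR))

    def read(self, password: str, lba: int) -> bytes:
        return _xor(self.platters[lba], _keystream(self._unlock(password), lba, SECTOR))

    def crypto_erase(self, password: str) -> None:
        self._unlock(password)              # only an authenticated caller may erase
        self._new_mek(password)             # old MEK is discarded; platters untouched
```

After crypto_erase, every sector still holds its old ciphertext, but no key that decrypts it exists anywhere on the drive, so the erase costs one key replacement rather than a full-disk overwrite.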
Seagate says that while the initial implementation of DriveTrust has been made to meet the needs of mobile computers, the technology is portable to other drives, enabling the construction of arrays of just about any flavor (DAS, NAS or SAN) that can self-encrypt their data.
Conclusions
Seagate has opened the way for on-device data encryption in the hard disk world, which it claims will stand up to any competitors. At first blush, the technology seems to be a great enabler for securing data at rest in storage infrastructure. Your views and experiences with this product or other on-disk encryption wares are welcome: jtoigo@toigopartners.com.