In-Depth

Encryption in the Field

What keeps notebook data safe is moving deeper into the enterprise

• By Chris DeVoney
• 10/02/2007

It took a while, but Seagate Technologies and Hitachi Data Systems have been shipping the self-encrypting 2.5-inch hard disk drives for several months. Now Dell is offering a Seagate drive as an option in their business Lattiude notebooks, joining Lenovo/IBM Thinkpads and Fujitsu Lifebooks that offer similar options.

As we all know, notebooks are easy to lose, with reasons ranging from absentmindedness to theft. The cost of replacing the hardware is a business annoyance. The cost to replace the data increases the loss—the biggest hit resulting when confidential or protected data disappears.

There are three problematic scenarios: company secrets fall into the hands of the competition; classified government secrets go astray; and customer or legally-protected information is exposed. To date, I'm not aware of cases of industrial espionage concerning notebooks, but I suspect they have happened quietly. We know government computers holding classified information from the State Department remain AWOL. The most common problem was underscored when a Veterans Administration notebook containing data on 26.5 million persons was stolen from a private home.

Such occurrences, along with the assaults on corporate databases, have triggered many state privacy laws. Led by California and followed by 32 other states, these laws mandate disclosure and customer notification of any incident which exposes their information. Even more strict, HIPAA governs any patient information is lost or stolen. Notwithstanding the cost of the loss of confidence, the cost of notifying those affected can be astronomical.

A potential Federal effort to combat such loss is Senate bill S.495, the Personal Data Privacy And Security Act Of 2007, sponsored by Patrick Leahy (D-VT) and Bernie Saunders (I-VT). The bill consolidates various state privacy laws into one federal law. However, the act also criminalizes “intentionally and willfully concealing a security breach” when that leak causes economic damage to anyone. The bill came out of committee before summer and may see daylight next month.

The range of laws provides an exemption when the data is encrypted. The problem is that if file or directory encryption is employed, the defendant must prove all relevant files were encrypted at the time of the loss.

There are problems with software-based encryption. It can perform poorly, can be turned off by the user, is often clumsy to use, and allows files to be copied out of the protected areas. Because many notebook computer users have administrative rights, the only true proof that encryption may be intact is in the lost or stolen notebook. Under such circumstances, would you raise your right hand and swear everything was operational?

The only get-out-of-jail card guaranteed to work with all privacy laws is hardware-based, full-disk encryption. Even the OS paging areas and browser work areas where data could hide inadvertently is protected. That’s one reason the Seagate and Hitachi products have received attention.

Another element of the secret sauce to secure computers is a microcontroller built into the notebook motherboard, called a Trusted Platform Module (TPM). The device stores keys, passwords, and digital certificates. The module ensures that the computer BIOS is tamper-free, and is needed to send the password to the disk securely. The same module also provides a non-forgeable certification so that the computer hardware, BIOS, and OS are unaltered.

This gives enterprises a high-assurance authentication mechanism for network access. Over several million notebook computers—principally Thinkpads, but many others in recent years—already have the TPM installed.

Why aren’t more of us using the TPM functionality? One reason is small installed base. Don McCall, Enterprise Security Strategist at Dell, says that corporations won’t use the technology until the installed base crosses the 70 - 75 percent threshold. Although Dell has installed TPM’s for several generations of Latitudes, the TPMs inside are sitting idle.

Key Management

Another dark side of both hardware disk encryption and TPM use is key management, particularly exacerbated by the usual support issues of traveling devices. Basically, you can’t deploy more than a handful of systems without key escrow and recovery becoming a major issue. Because machines travel, remote control assistance is a necessity.

The key management issue also touches on another problem: without recorded and enforced policies, users with administrative privileges can turn drive encryption off. Without centralized management, the only evidence that encryption was in use is on the missing hard drive. It's a circular problem.

That’s one argument made by Wave System’s CEO, Steven Sprague. Wave’s client software is included with the Dell and Lenovo systems and the company sells its Embassy Trust suite for centralized key management and for strong authentication. Without the TPM squawking that encryption has been enabled, you have no real proof that encryption was in play but your computer could still have been vulnerable to a data loss.

Currently, there are few guidelines and little case law concerning proof that lost data was encrypted. It is therefore unclear if swearing to such a statement in an administrative or legal hearing is good enough. Could this be comparable to the comfort level of someone who has signed Sarbanes-Oxley certifications and who knows they are criminally libel for any mistake? If that level of comfort is insufficient, then the central role of the management software is an absolute given.

There is, however, good news: encrypting hard disks will get faster, more capacity will be available, and efforts are being aimed at desktop and servers alike. Obviously, hardware-encrypted RAID systems are still being puzzled out, but keeping data-at-rest safe by encrypting the hard disk will probably be a virtual no-brainer within a couple of generations of computers. The use of TPMs may also take a few generations, but will offer significant advantages as well.