Seagate 10K.3 Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 2

Drive Control Headaches and Disposal Costs, Encryption



Drive Control Headaches and Disposal Costs

In an effort to avoid data breaches and the ensuing customer notifications required by data privacy laws, corporations have tried a myriad of ways to erase the data on retired drives before they leave the premises and potentially fall into the wrong hands. Current retirement practices designed to make data unreadable rely on significant human involvement in the process, and are thus subject to both technical and human failure.

The drawbacks of today’s drive retirement practices are both numerous and far-reaching:

  • Overwriting drive data is expensive, tying up valuable system resources for days. No notification of completion is generated by the drive, and overwriting won’t cover reallocated sectors, leaving that data exposed.
  • Degaussing or physically shredding a drive are both costly. It’s difficult to ensure the degauss strength is optimized for the drive type, potentially leaving readable data on the drive. Physically shredding the drive is environmentally hazardous, and neither practice allows the drive to be returned for warranty or expired lease.
  • Some corporations have concluded the only way to securely retire drives is to keep them in their control, storing them indefinitely in warehouses. But this is not truly secure, as a large volume of drives coupled with human involvement inevitably leads to some drives being lost or stolen.
  • Other companies choose to hire professional disposal services, an expensive option which entails the cost of reconciling the services as well as internal reports and auditing. More troubling, transporting a drive to the service puts the drive’s data at risk. Just one lost drive could cost a company millions of dollars in remedies for the breached data.

With these shortcomings in mind, it’s no surprise that an IBM study found that 90 percent of the drives returned to IBM were still readable. The key lesson here? It’s not just the drive that’s exiting the data center, it’s also the data stored within.

Encryption

Every day, thousands of terabytes of data leave data centers as old systems are retired. But what if all those hard drives had been automatically and transparently encrypting that data, enabling it to be instantly and securely erased? A majority of U.S. states now have data privacy laws that exempt encrypted data from mandatory reports of data breaches. And make no mistake, the cost of data exposure is high—US$6.6 million on average¹.

Challenges with performance, scalability and complexity have led IT departments to push back against security policies that require the use of encryption. In addition, encryption has been viewed as risky by those unfamiliar with key management, a process for ensuring a company can always decrypt its own data. Self-Encrypting Drives comprehensively resolve these issues, making encryption for drive retirement both easy and affordable.

We’ll discuss two security scenarios:

  • SEDs that provide instant secure erase without the need to manage keys
  • Auto-locking SEDs that help secure active data against theft with key lifecycle management

1 2008 Annual Study: Cost of a Data Breach, Ponemon Institute, February 2009