Seagate 10K.3 Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 4

Comparing Technologies for Securing Data on Hard Drives

Self-Encrypting Drives for Servers, NAS and SAN Arrays

Using Self-Encrypting Drives merely for instant secure erase provides an extremely efficient and effective means to help securely retire a drive. But using SEDs in auto-lock mode provides even more advantages. In short, from the moment the drive or system is removed from the data center (with or without authorization), the drive is locked. No advance thought or action is required from the data center administrator to protect this data. This helps prevent a breach should the drive be mishandled and helps secure the data against the threat of insider or outside theft.

Comparing Technologies for Securing Data on Hard Drives

No single encryption technology can effectively and efficiently secure all data against all threats. Different technologies are used to protect against different threats. For example, Self-Encrypting Drives help secure data against threats when the drive eventually leaves the owner’s control, but they cannot protect data from certain threats that take place within the data center. For example, if an attacker gains access to a server that can in turn access an unlocked drive, the attacker can read the clear text coming from the drive. Thus it’s important to remember that SED encryption technology does not replace the data center’s access controls; rather, it complements them.

Securing data at rest should also be complementary to securing data in motion, rather than a replacement for it. The vast majority of data in motion moving over the wire downstream of the file system, whether moving over Ethernet on the NAS or at the block level on a SAN, is physically under the IT storage administrator’s control, and therefore is not considered a security risk. For the data in motion that is not physically under the administrator’s control, the most widely accepted and established practice for encrypting this data is to use IPSec or FC over IP, which use ephemeral session encryption keys to encrypt small amounts of data. It may seem that, instead of using this session security technique, encrypting in the fabric to secure the data on the hard drive is a better solution: the data is encrypted not only on the hard drive, but also as it travels through the fabric. But this approach has a fundamental flaw: Rather than increasing security, it actually decreases security and increases complexity by exposing long-lived encryption keys, while exposing large amounts of cipher text that were all encrypted with only a single encryption key. If encryption is needed for data in motion, it should be provided by IPSec or FC over IP. Encrypting data on the drive is best performed by the drive itself, for all of the reasons provided below.

Application, database, OS and file system encryption (see Figure 1) are all techniques that cover threats to drive data (whether from database, file or system administrators or from hackers) that arise within the data center. But due to the significant performance degradation and non-scalable changes required to the application, database, OS or file system that such encryption entails, it’s impractical to encrypt more than just a limited portion of data. Administrators cope with this restriction by reserving encryption for only the most sensitive data.

This forces administrators to rely on data classification in order to identify and locate sensitive data; unfortunately, it’s widely acknowledged that this process fails to identify all instances of sensitive data. Data classification is difficult, labor-intensive and challenging to maintain, especially when sensitive information can be copied from a protected source to an unprotected destination. Such problems result in too much unencrypted sensitive data being written to disk, data which will likely persist on the hard drive long after the drive’s useful life has ended.

As such, it falls to encryption technologies downstream of the file system to provide full disk encryption and close the gap created when data classification fails to capture sensitive data. These technologies relieve data custodians from the responsibility of classifying the data’s sensitivity upon leaving control of the data center, a task fraught with management headaches and extra cost. Encrypting in the fabric, RAID disk controller (in a server or storage subsystem controller) or hard drive are all possibilities. But where should this encryption take place?