Seagate 15K.2 Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 1

Technology Paper Self-Encrypting Drives for Servers, NAS and SAN Arrays Overview This paper discusses the challenge of securing data on hard drives that will inevitably leave the owner's control. It introduces Self-Encrypting Drives (SED), which may be used in two ways: to provide instant secure erase (cryptographic erase or making the data no longer readable), and to enable auto-locking to secure active data if a drive is misplaced or stolen from a system while in use. Two appendices then follow: The first compares SEDs to other encryption technologies used to secure drive data. The second provides detailed analysis of instant secure erase and auto-lock SED technology, explaining how SEDs are used in servers, NAS and SAN arrays, virtualized environments, RAIDs, JBODs and discrete drives. Introduction When hard drives are retired and moved outside the physically protected data center into the hands of others, the data on those drives is put at significant risk. IT departments routinely retire drives for a variety of reasons, including: • Returning drives for warranty, repair or expired lease agreements • Removal and disposal of drives • Repurposing drives for other storage duties Nearly all drives eventually leave the data center and their owners' control; Seagate estimates that 50,000 drives are retired from data centers daily. Corporate data resides on such drives, and when most leave the data center, the data they contain is still readable. Even data that has been striped across many drives in a RAID array is vulnerable to data theft, because just a typical single stripe in today's high-capacity arrays is large enough to expose hundreds of names and social security numbers.