
Oct 15

Creating Security from the Inside Out

From: Forbes

Tom Coughlin

The Trusted Computing Group Storage Technical Working Group has been leading the digital storage industry in the introduction of storage security built into individual storage devices. This group has created standards for encrypted storage devices for consumer as well as enterprise applications, with its OPAL standard and now its enterprise secure-storage device standard. The TCG standards cover various Self Encrypted Drives (SEDs), including hard disk drives (HDDs) and solid state drives (SSDs).

Secure storage devices with on-board encryption are available from many vendors today, including all hard disk manufacturers (Seagate Technology, Western Digital and Toshiba) as well as major SSD manufacturers such as Intel, Micron, and Samsung. Coughlin Associates expects that all solid state drives will use on-board encryption within the next few years, since it allows rapid content erasure by overwriting the encryption key (see the 2011 Self Encrypted Drive Market and Technology Report, http://www.tomcoughlin.com/techpapers.htm). Likewise, this technology is expected to become more common on regular HDDs because it offers better data security and rapid crypto-erase of data.
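The crypto-erase mechanism mentioned above, as an added toy model that is not code from the article or from any drive vendor: sector data is stored only in encrypted form under an on-device media encryption key, so replacing that key makes every sector unreadable without touching the media. The HMAC-SHA256 counter-mode keystream stands in for a real drive's AES engine, and the sector size and sample data are constructed for the demo.

```python
import hashlib
import hmac
import secrets

SECTOR = 16  # constructed: tiny sector size for the demo


def keystream(mek: bytes, sector_no: int, length: int) -> bytes:
    """Counter-mode keystream from the media encryption key (MEK) and the
    sector number. A stand-in for the AES engine inside a real SED."""
    out = b""
    counter = 0
    while len(out) < length:
        block_input = sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(mek, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]


class SelfEncryptingDrive:
    def __init__(self, sectors: int):
        # The MEK is generated on-device and never leaves the drive.
        self.mek = secrets.token_bytes(32)
        self.media = [bytes(SECTOR) for _ in range(sectors)]  # what is on the platters

    def write(self, sector_no: int, plaintext: bytes) -> None:
        assert len(plaintext) == SECTOR
        ks = keystream(self.mek, sector_no, SECTOR)
        self.media[sector_no] = bytes(a ^ b for a, b in zip(plaintext, ks))

    def read(self, sector_no: int) -> bytes:
        ks = keystream(self.mek, sector_no, SECTOR)
        return bytes(a ^ b for a, b in zip(self.media[sector_no], ks))

    def crypto_erase(self) -> None:
        # Only the 32-byte key is replaced; the media is untouched, so the
        # operation costs the same for a multi-terabyte drive as for this toy.
        # In practice the old key must be unrecoverable, e.g. never backed up.
        self.mek = secrets.token_bytes(32)


def demo() -> tuple:
    drive = SelfEncryptingDrive(4)
    secret = b"payroll Q3 data!"  # constructed 16-byte sample
    drive.write(0, secret)
    before, raw_before = drive.read(0), drive.media[0]
    drive.crypto_erase()
    after, raw_after = drive.read(0), drive.media[0]
    return before, after, raw_before, raw_after
```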

The Trusted Computing Group, as well as leading companies in the storage device security industry, has begun moving encryption-based security from the realm of individual storage devices to network storage. The TCG announced in early October that it is discussing integration of its Trusted Network Connect (TNC) network security architecture with the widely used Security Content Automation Protocol (SCAP), developed by the U.S. Commerce Department's National Institute of Standards and Technology (NIST).

The Microsoft Windows 8 operating system will bring Trusted Platform Modules (TPMs, the basis of storage device-based encryption security as well as additional security features) into wider use for enterprise applications. With advances in malware detection, access control and encryption, Windows 8 will support the hardening of BIOS standards and provide native operating-system support for SEDs. All Windows 8 devices will include a TPM and optionally SED support.

According to the TCG web site, “The Trusted Network Connect (TNC) Work Group has defined and released an open architecture and a growing set of standards for endpoint integrity. The TNC architecture enables network operators to enforce policies regarding endpoint integrity at or after network connection. The standards ensure multi-vendor interoperability across a wide variety of endpoints, network technologies, and policies.”

Wave Systems, a pioneer in enabling SEDs, is furthering network support of self-encrypting storage devices. In August the company announced cloud-based management for SEDs with its Wave Cloud service. This subscription service offers cloud-based management of enterprise-wide SEDs. Encrypted-drive key management can thus be offered as an online service, eliminating the cost and complexity of implementing key management for laptops and other storage devices. A service like this makes enterprise-class key management available even to small and medium-sized companies and will increase the drive to implement and manage self-encrypting drives.

SEDs will enable a level of security that has eluded many companies and organizations in the past. The use of TPMs allows many boot-level security features to be implemented, including support of SEDs. Integrating the TNC architecture with widely used security protocols will increase the value still further. The widespread use of TPMs in Windows 8 will ensure that the next generation of Windows enterprise products includes many innovative storage features.

Finally, by making key management a cloud-based service, SED security management for an entire enterprise is available even to the smallest company or organization. The efforts of the Trusted Computing Group are truly creating security from the inside out.
