Q&A: Hard drive encryption

by Mirko Zorz - Monday, 2 November 2009.

Dave Anderson is Director, Strategic Planning for Seagate and is involved in developing the opportunities for hard drives to contribute to system security. In this interview he discusses the various aspects of hard drive encryption.

Because of legitimate concerns regarding theft, encryption is increasingly becoming ordinary for laptops. What about desktop machines, should companies think about encrypting everything in the enterprise?

In theory the decision to encrypt should be based on factors such as the type of information to be protected and an evaluation of the organization’s susceptibility to a data breach. In practice, information is so easily disseminated and so difficult to track, that it is effectively impossible to manage the problem in this way.

Laptops have received most of the attention with respect to encryption because those systems are the most obviously portable. However, there are two key factors that pertain to desktops and other enterprise storage devices such as servers and external storage arrays that are often missed:

1. Every single disk drive in an organization will eventually leave that organization.

2. It is impossible to know if any given drive contains sensitive information.


An administrative assistant’s PC could as likely contain critical information as the CEO's or a drive pulled from a server. This and the high cost of data breaches argue strongly for encrypting all data. Now, with Seagate Secure Self-Encrypting Drives (SEDs) available for every disk drive application, and the cost of using them so negligible, it only makes sense to consider encrypting everything, always. It is just so easy to be safe and so expensive to be sorry.

In larger corporations physical security is such that there isn’t typically much worry over the possibility of a server being stolen by thieves walking it out of a building. Of greater concern is drive retirement and disposal. Encryption makes these easy as well. As we’ll see shortly, data on SEDs can be made instantaneously and permanently unreadable using a cryptographic erase. This prepares the equipment for reuse or disposal with no need to worry about other options such as contracting with an outside organization for disposal. This latter approach has too often been shown to involve the biggest vulnerability found in a sophisticated IT department. Things go wrong during these disposal processes because there is human involvement in the process, and people make mistakes. Where people can make mistakes, there is always a risk of a data breach along the way. Again, as we’ll see in the answer to the third question, Instant Secure Erase can significantly mitigate the vulnerability of data when people make mistakes.
