Storage player Seagate on Tuesday said it has reached a major milestone in keeping credit cards — not to mention government secrets — safe from prying eyes.
The company’s new Momentus laptop drive has earned the coveted Federal Information Processing Standard 140-2 certification. That puts Seagate in front of the pack in bidding for U.S. government agencies and regulated industries such as health care, defense and financial services.
But the certification — which makes Seagate’s Momentus the first hard drive with native encryption to earn the FIPS certification — is also a powerful validation of the security technology that Seagate has long been baking into its Self-Encrypting Drives, or SEDs. The technology takes raw data sent to the drive by the laptop, and independent of the operating system and software, encrypts the data on the fly.
That makes the Momentus SED, which comes in capacities of up to 500 GB, not just a must-have for government and highly regulated industries. Instead, it makes a case for the drive as being locked down for all manner of critical data — such as key business data that could prove costly if lost.
Seagate’s got other reasons to crow about its Momentus SED, too. On Tuesday, Seagate also said it had begun providing system builders with evaluation drives compliant with the Opal specification created by the Trusted Computing Group, an international security standards body.
Among other requirements, that standard includes features that finely tune how security works on drives like Seagate’s Momentus SED.
“Opal … introduces ‘banding’ where different bands can be controlled individually, enabling both multi-boot environments and multiple users accessing the same drive with different levels of permissions across different data sets,” Monty Forehand, director of the security engineering department at Seagate, told InternetNews.com.
At the very least, the FIPS certification by the U.S. National Institute of Standards and Technology (NIST) clears the way for deployments of Momentus SEDs by all U.S. and Canadian federal agencies, many state and local governments, and regulated industries such as health care, finance and defense that are required to use FIPS-certified gear. Utility, education and transportation entities also have adopted the standard to lock down confidential information, while foreign governments in addition to Canada also recognize FIPS-validated products.
But the advantages are clear not just for those select industries: With Momentus SED, laptop data is accessible only to the people who are authorized to access it. Leave a laptop in a cab, and the lucky new owner might have a new notebook PC, but any data and even the operating system will be off limits. When the laptop’s finder tries to boot, the laptop cannot access its hard drive without authorization, making even a simple Windows startup impossible.
Meanwhile, authorized users can get at their data with ease, since an access key can be anything from a simple password to a sophisticated security token carried on a key ring.
“NIST approval gives our system builder and end-user customers the peace of mind that Momentus Self-Encrypting Drives deliver the full power of government-grade security,” Dave Mosley, executive vice president of sales, marketing and product line management at Seagate, said.
Keeping Your Password Safe
There are already many encryption solutions, but most rely on software. While the data may have the same AES 128-bit or the stronger AES 256-bit encryption as hardware encryption solutions, many software approaches may be prone to vulnerabilities.
For example, in such cases, the password is often stored in PC memory and can be compromised in a variety of ways. A little-known technique of physically freezing the memory chips below zero degrees can be used to take a snapshot of data in memory, enabling a hacker to read the password even minutes after power has been disconnected — and even after the chips have been removed.
To keep the password safe from attackers — and out of the computer’s memory — SED drives have a pre-boot sequence in which a mini operating system — on the drive itself — unlocks the data even before the computer’s full OS boots. According to Seagate, the passwords cannot be hacked even with full physical access to the computer or to the drive itself. If a client loses a password, however, an administration password can potentially allow access to the various security bands so that the data can be recovered.
In addition to its support for Opal — by which Seagate also aims to help foster an ecosystem for self-encrypting drives and increase their adoption — the company is also collaborating with software vendors such as Secude, Wave Systems, CryptoMill, and WinMagic. The strategy there is to leverage the strengths of the SED approach to create full-featured hardware encryption solutions, while software vendors work to provide capabilities that include central management of the security and encryption that keep data safe and accessible on Seagate Secure drives.
Hardware-based encrypted drives also provide the ability to easily prepare drives for de-commissioning by simply changing the encryption key used to encrypt the drive’s contents, thereby rendering the data stored on the disk drive unreadable and unrecoverable. This can save the environment as well as the bottom line: Instead of destroying drives and potentially releasing dangerous chemicals, drives can be retasked or sold safely without the possibility of data getting out.
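The key-change erase described above, together with per-band keys and password unlock, can be modeled in a few lines. This is an added example, not Seagate's firmware or the Opal command set: the `Band` class, `xor_stream`, and the PBKDF2 password wrapping are assumptions made for illustration, and an HMAC-SHA256 keystream stands in for the drive's AES hardware.

```python
import hashlib, hmac, os

def xor_stream(key, lba, data):
    # Stand-in cipher (HMAC-SHA256 keystream per sector); a real SED uses AES in hardware.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, f"{lba}:{i}".encode(), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class Band:
    """Hypothetical model of one band: an LBA range with its own media key (MEK)."""
    def __init__(self, first_lba, last_lba, password):
        self.range = range(first_lba, last_lba + 1)
        self.platter = {}                 # lba -> ciphertext; plaintext is never stored
        self.salt = os.urandom(16)
        self._mek = None                  # key is held only while the band is unlocked
        self._rekey(password)

    def _kek(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 50_000)

    def _rekey(self, password):
        mek, kek = os.urandom(32), self._kek(password)
        self.wrapped = bytes(a ^ b for a, b in zip(mek, kek))   # MEK kept only in wrapped form
        self.check = hmac.new(mek, b"band-check", hashlib.sha256).digest()

    def unlock(self, password):
        mek = bytes(a ^ b for a, b in zip(self.wrapped, self._kek(password)))
        tag = hmac.new(mek, b"band-check", hashlib.sha256).digest()
        self._mek = mek if hmac.compare_digest(tag, self.check) else None
        return self._mek is not None

    def _key_for(self, lba):
        if self._mek is None or lba not in self.range:
            raise PermissionError("band locked or LBA outside this band")
        return self._mek

    def write(self, lba, data):
        self.platter[lba] = xor_stream(self._key_for(lba), lba, data)

    def read(self, lba):
        return xor_stream(self._key_for(lba), lba, self.platter[lba])

    def crypto_erase(self, new_password):
        self._rekey(new_password)         # old MEK is discarded; old ciphertext stays on the platter
        self._mek = None
```

After `crypto_erase`, the old ciphertext is still physically present but no key that decrypts it exists anywhere, which is why the drive can be redeployed without overwriting every sector.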