Drive makers settle on a single encryption standard

A single, full-disk encryption standard that can be used across all hard disk drives, solid state drives (SSD) and encryption key management applications has been established. Once enabled, any disk that uses the specification will be locked without a password -- and the password will be needed even before a computer boots. Any drive, in conforming to these standards, will have the same interface commands.

By using a single, full-disk encryption specification, all drive manufacturers can bake security into their products' firmware, lowering the cost of production and increasing the efficiency of the security technology.

For enterprises rolling out security across PCs, laptops and servers, standardized hardware encryption translates into minimum security configuration at installation, along with higher performance with low overhead. The specifications enable support for strong access control and, once set at the management level, the encryption cannot be turned off by end-users.

Robert Thibadeau, chief technologist at Seagate Technology and chairman of the TCG(The Trusted Computing Group) said these [enabled] drives can be used to childproof your laptop because it operates outside of Windows. Windows hasn't even booted yet. Children can't crack it unless [he] has the password. You can leave the laptop at home and rest assured a 14-year-old can't get on it.

IT departments will also be able to repurpose drives using the encryption standard by cryptographically erasing them with a few keystrokes. Cryptographic erasure changes the cryptographic key, thus making data permanently inaccessible.
VIA

View blog reactions