In the not too distant future, your high-capacity magnetic hard drives and solid state drives (SSDs) will come with on-board circuitry that supports full-disk encryption using Advanced Encryption Standard (AES) 128-bit or 256-bit keys. A hardware Trusted Platform Module (TPM) is not a requirement, although it is becoming ubiquitous and is a prerequisite for certain server or host-based virtualization technologies such as Hyper-V.
Common storage interfaces and connections used in desktops and enterprise disk storage arrays, such as ATAPI, SCSI, SAS, parallel and serial ATA, and Fibre Channel, are supported. Major manufacturers are scheduled to roll out self-encrypting devices based on the three standardized storage device specifications from the Trusted Computing Group (details here). All this translates to a more efficient security technology, minimal security configuration at installation, higher performance with low overhead, and improved device interoperability.
Essentially, a password or passphrase is mandatory to gain access to the storage device. This check happens before the operating system bootstraps and loads, analogous to, but significantly more secure than, a simple BIOS password. The password is required to unlock the key that decrypts the data; the data itself is never encrypted directly under the password.
An enterprise can configure strong access control to prevent end-users from disabling encryption. Cryptographic erasure of a managed encrypted device for re-provisioning takes only a few keystrokes at the IT level using standards-compliant encryption key management applications. Existing data becomes permanently inaccessible because the cryptographic key is changed, even though the ciphertext itself is still physically present on the media.
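The two mechanisms described above, a password that unwraps a device-resident data encryption key and a cryptographic erase that simply replaces that key, are easiest to see in a small model. The following Python is an added example written for this post, not code from any drive vendor or from the Trusted Computing Group specifications. It uses a SHA-256 counter-mode keystream as a stand-in for the hardware AES engine (the Python standard library ships no AES) and PBKDF2 to turn the passphrase into a key-encryption key; class and method names are hypothetical, and the sample data is constructed.

```python
import hashlib
import hmac
import secrets


def derive_kek(password: str, salt: bytes) -> bytes:
    """Passphrase -> key-encryption key (KEK). PBKDF2 slows down offline guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=32)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream built from SHA-256: a stand-in for the drive's AES engine."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        out.extend(hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


class SelfEncryptingDrive:
    """Toy model of a self-encrypting drive: the data encryption key (DEK) is generated
    on the device and never leaves it; the passphrase only unwraps it after power-on."""

    def __init__(self, password: str):
        self._salt = secrets.token_bytes(16)
        self._nonce = secrets.token_bytes(16)   # real drives use per-sector tweaks (XTS)
        self._media = bytearray()               # ciphertext as it sits on platter/flash
        self._dek = None                        # plaintext DEK, present only while unlocked
        self._set_dek(secrets.token_bytes(32), password)
        self.power_cycle()

    def _set_dek(self, dek: bytes, password: str) -> None:
        kek = derive_kek(password, self._salt)
        self._wrapped_dek = keystream_xor(kek, b"wrap", dek)
        self._tag = hmac.new(kek, self._wrapped_dek, "sha256").digest()
        self._dek = dek

    def power_cycle(self) -> None:
        self._dek = None                        # DEK is dropped; device comes up locked

    def unlock(self, password: str) -> bool:
        kek = derive_kek(password, self._salt)
        tag = hmac.new(kek, self._wrapped_dek, "sha256").digest()
        if not hmac.compare_digest(tag, self._tag):
            return False                        # wrong passphrase: DEK stays wrapped
        self._dek = keystream_xor(kek, b"wrap", self._wrapped_dek)
        return True

    def write(self, data: bytes) -> None:
        if self._dek is None:
            raise PermissionError("drive is locked")
        self._media[:] = keystream_xor(self._dek, self._nonce, data)

    def read(self) -> bytes:
        if self._dek is None:
            raise PermissionError("drive is locked")
        return keystream_xor(self._dek, self._nonce, bytes(self._media))

    def crypto_erase(self, new_password: str) -> None:
        """Re-provisioning: mint a fresh DEK. The old ciphertext is untouched on the media
        but can no longer be decrypted by anyone, including the previous owner."""
        self._set_dek(secrets.token_bytes(32), new_password)


def demo() -> dict:
    """Walk through lock/unlock and cryptographic erase; returns the observable outcomes."""
    drive = SelfEncryptingDrive("correct horse battery")
    drive.unlock("correct horse battery")
    drive.write(b"quarterly payroll (constructed sample)")
    drive.power_cycle()
    results = {"wrong_password": drive.unlock("not the password")}
    results["right_password"] = drive.unlock("correct horse battery")
    results["read_back"] = drive.read()
    before = bytes(drive._media)
    drive.crypto_erase("new owner passphrase")
    results["media_unchanged"] = bytes(drive._media) == before
    results["read_after_erase"] = drive.read()
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, "->", v)
```

The point the model makes concrete: the erase never has to overwrite the media, which is why it completes in a few keystrokes regardless of drive size, and a wrong passphrase fails at the key-unwrap step, so no decrypted data ever reaches the host before authentication.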