Encrypted solid-state drives (SSDs) have been around for more than a decade, but there is still a lack of understanding among end users and some system administrators about how they work and their importance in data security. While most SSDs are self-encrypting drives (SEDs) that offer internal encryption, there are different levels of encryption available, as well as different vendors supplying them, making it crucial for organizations to carefully consider their options.
SEDs utilize the Advanced Encryption Standard (AES) to encrypt data, with AES-128 or AES-256 encryption being the most common. These encryption algorithms have undergone extensive security testing and are proven to be highly secure. When data is written to an SED, it is scrambled using a unique disk encryption key (DEK) that is set at the factory. Only users who possess another key, known as the authentication encryption key (AEK), can command the SSD to descramble the data. Without the AEK, it would be virtually impossible and extremely time-consuming to reconstruct the original data.
One of the advantages of SEDs is that when a decommissioned SSD is discarded, it is highly unlikely that a future user will be able to recover the AEK, rendering the data on the drive inaccessible. Furthermore, organizations can use a special command to deactivate the drive’s internal DEK, effectively making it impossible to recover the scrambled data.
In addition to encryption, there are protocols managed by the Trusted Computing Group that provide even greater security for the most sensitive data stored on SSDs. These protocols verify the integrity of the data and ensure that it has not been tampered with.
The importance of SSD encryption cannot be overstated, especially for medium to large data centers that host systems for multiple customers. Customers entrust their data to these data centers and expect it to be safeguarded. However, hardware failures and system upgrades can lead to the replacement of old SSDs with new ones. If the old SSDs are not properly encrypted, there is a risk that sensitive customer data could be compromised if they fall into the wrong hands. These data centers have a responsibility to protect their customers’ financial, medical, or trade secret information.
Data recovery services also pose a potential risk if the SSDs they retrieve are not encrypted. These services can extract data from damaged or failed SSDs, but if the data is encrypted, it remains safe and secure even in the hands of a third party. Encryption ensures that even if the physical drive is compromised, the data remains protected.
The importance of SSD encryption extends beyond data centers to smaller systems like personal computers. Many PC users store sensitive information on their computers, such as personal finances or private emails. Without SSD encryption, anyone who steals a PC gains access to all this data. It is essential for PC users to be aware of the potential risks of not encrypting their drives.
Surprisingly, many other systems are also targets for data theft. For example, a criminal operation once purchased decommissioned digital photocopiers from a copy service provider and discovered that the copier hard disk drives (HDDs) contained sensitive customer data. The customers were unaware that the copiers had HDDs, and since the HDD data encryption was not enabled, the criminals were able to retrieve images of hundreds of tax returns containing Social Security numbers and other sensitive information. This incident serves as a reminder of the importance of SSD encryption in all systems, regardless of their size or purpose.
There are several products available in the market that offer SSD encryption. Many enterprise SSDs already have encryption capabilities built into the controller chip. Some of the major vendors providing encrypted SSDs include Kioxia, Micron, Seagate, Samsung, Solidigm, and Western Digital. These vendors offer a range of encrypted data center SSDs that provide enhanced security for organizations of all sizes.
In conclusion, SSD encryption is a crucial element in data security, ensuring that sensitive information remains protected even in the event of hardware failures, system upgrades, or theft. It is essential for organizations and individuals to understand the importance of SSD encryption and choose appropriate products that offer robust encryption capabilities.