Seagate Technology LLC is now shipping two new self-encrypting laptop hard drives to laptop manufacturers. But according to one analyst, IT managers shouldn’t solely rely on full-disk encryption measures to keep their data secure.
The new 320GB Momentus FDE (full-disk encryption) laptop drives are now available in 5,400-rpm and 7,200-rpm models, with the 500GB model shipping early next year. Seagate has chosen Dell Inc. to be the first company to ship the new self-encrypting drives. They will be available on Dell’s E-Series line of Latitude notebooks.
Seagate also announced a partnership with McAfee Inc., which will allow IT managers to use McAfee’s ePolicy Orchestrator (ePO) management system and its endpoint encryption client for enterprise-wide laptop management. McAfee joins SECUDE International AG, Wave Systems Corp., and WinMagic Inc. as a provider of Momentus-compatible management software.
Unfortunately for some customers, Dell is not yet shipping McAfee’s ePO. The computer manufacturer is instead offering Wave Systems’ Embassy Trust Suite 5.0 encryption management software.
Despite this news, Joni Clark, product marketing manager with Seagate’s personal compute business unit, is optimistic that more companies will start to adopt self-encrypting technology – especially in the small to medium-sized business market.
“You know that financial institutions, health care organizations and other large Fortune 1000 companies are doing this, but it’s the small and medium companies that really need these pieces put together in an easy-to-use package,” she said.
One such medium-sized business is Massachusetts-based pizza chain Papa Gino’s Inc. Chris Cahalin, manager of network operations at the franchise, said he’s deployed 80 self-encrypting notebooks to district and senior-level managers over the last year. He also plans to upgrade to Seagate’s new line of hard drives in the near future.
“To have an environment where everything is protected all the time can be a real relief for IT folks,” he said. “With this hard drive everything that gets saved to the drive is encrypted automatically. When this is built into the hardware, it encrypts as fast as you can write to media. There’s no training and painful implementation needed.”
The ability to centrally manage this security through Wave Systems’ Embassy software, Cahalin added, allows him to protect against offline admin attacks as well.
“It’s really been wonderful to see this huge paradigm shift that’s happened over the last few years where all this security is now being baked into the hardware,” he said.
With encryption technologies becoming the standard in most organizations, most security experts are applauding Seagate’s hard drives as a great starting point for small to mid-range enterprises looking to get into the encryption game. But at least one analyst warns that even full-disk encryption can leave data vulnerable to attacks.
David Senf, director of security and software research at IDC Canada, said that while more security is always a good thing, organizations must be careful that they don’t solely rely on full-disk encryption.
“There are a variety of attacks that can be launched against an encrypted device, from the hard to execute ‘cold boot’ attack to a user having left their machine alone, running, already logged in,” he said.
Encrypting the entire drive with one set of keys is just the start, Senf added, advising that IT managers look at file system level encryption as well. He recommended TrueCrypt, a free and open-source encryption product, as a good starting point.
“By encrypting files each with different keys, an attacker is going to find it much more challenging to get at confidential information,” Senf said. “Encrypting the whole drive is good because the user doesn’t have to remember to take any action save for logging off their machine when it’s not in use.”
But encrypting down to the level of each file, he said, adds an extra level of protection.