Seagate Works To Secure Laptops
We saw some interesting developments in storage this week with Seagate's announcement of a fully encrypted notebook drive.
from eWeek
Laptop computers are quickly becoming standard-issue equipment for enterprise workforces across the globe, but the productivity gained from this added mobility comes at a price: increased exposure to theft, loss and damage.
Luckily, IT managers seeking to safeguard mobile data have a growing number of options at their disposal.
One such option is Seagate's fully encrypted Momentus FDE.2. On March 12, Seagate began shipping the drive to ASI Computer Technologies to be used in notebook PCs with hardened security. ASI is a hardware component distributor catering to white-box system integrators and is using the disks in machines branded for sale under the integrators' names.
The Momentus FDE.2 employs a dedicated ASIC to process the drive's AES 128-bit encryption on the fly. This enables SATA 1.5G bps transfer speeds on the 5,400rpm drive while minimizing load on a host machine's CPU. The drives will come in 80, 120 and 160GB capacities.
Seagate officials claim that the Momentus FDE.2's native hardware-based encryption gives it a performance edge over software-based encryption programs such as Microsoft Windows Vista's BitLocker and TrueCrypt, an open-source encryption application.
IT managers will be glad to know that Seagate's hardware-based encryption is always turned on and, perhaps more importantly, users cannot turn it off. After all, no security scheme is effective without consistent application in the field. Moreover, full disk encryption relieves the burden on users to remember to save sensitive files to specific folders or volumes on the drive.
To complete the circle of trust, ASI has incorporated Wave Systems' Embassy Trust Suite management tools. Wave's software handles management of keys and passwords, TPMs (trusted platform modules) and authentication with biometric, smart card and Windows domain logins.
According to Lark Allen, Wave Systems' executive vice president of corporate development, Wave has licensed software to most TPM chip manufacturers, and the company's Embassy software suite supports all existing TPMs. However, the current version does not support single sign-on. Therefore, users logging in with a fingerprint scan will be prompted for a password when starting up their systems and each time after the hard drive is power cycled.
Wave officials indicated that they would be working with OEMs and BIOS vendors to add that functionality in the future.
IT administrators can also access Seagate's DriveTrust security features built into the Momentus firmware with Wave's Embassy software. For example, the Momentus can store login and password pairs for as many as four users and four administrators. Regular user privileges are limited to log-in and password changes.
Administrators can add or remove users, assign recovery passwords and perform the "crypto erase" function to quickly and safely repurpose or retire disks storing sensitive data.
posted by Backup Central @ 11:02 AM
