Toshiba announced a 7,200 RPM 2.5-inch Self-Encrypting Drive (SED) that provides government-grade AES-256 hardware encryption incorporated in the disk drive’s controller electronics.
Based on the Opal Security Subsystem Class (Opal SSC) specification from the Trusted Computing Group (TCG), the new Toshiba SED enables secure and quick deployment of encryption on notebook and desktop PCs to protect confidential information.
SEDs designed to the Opal SSC specification provide advanced access authentication and built-in hardware data encryption. Because it is an open industry standard, Opal encourages broad support from both security solutions vendors and SED makers – enabling seamless management of most deployments that support both pre-existing software encryption and Opal SSC-specified SED storage.
The MKxx61GSYD is the newest addition to the Toshiba family of drives designed for commercial notebooks and security-sensitive applications, including shared desktop PCs. The drive’s built-in hardware encryption offers benefits that go beyond software encryption:
Stronger security: The Toshiba MKxx61GSYD provides AES-256 encryption built into the drive’s electronics hardware. This government-grade encryption increases security for data that reside on the storage media. The Toshiba AES-256 encryption algorithm implementation is certified by the US National Institute of Standards and Technology (NIST) through its Cryptographic Algorithm Validation Program (CAVP).
Ease of deployment: With SED storage, the initial encryption of OS files, applications, and user data is performed at full I/O speeds by the SED as the data are transferred to the disk media. With software encryption, loading of the OS, applications and user data must be completed prior to reading and encrypting the same data within the PC’s system memory and re-writing the encrypted data back to the drive.
This “re-encryption cycle” often takes hours and may create a security gap during initial system deployment. With SED drives, disk contents are encrypted as they are loaded, providing both a faster and more secure deployment process. These same advantages help to reduce IT support burdens when recovering or re-purposing a notebook or PC using SED storage.
Compatibility: The MKxx61GSYD is compatible with leading third party security management applications for notebook and other client PCs. Recognizing the need for stronger and more transparent deployment of encryption, leading independent software vendors (ISVs) have participated directly in the development of the TCG’s Opal SSC specification.
Improved performance: Software encryption uses CPU cycles and system memory capacity, reducing the performance of applications. The hardware encryption built-into the MKxx61GSYD allows full storage I/O speeds, ensuring that users will experience no reduction in application performance due to background encryption processes.
Transparency: Because SED security features are transparent to applications and operating systems, the MKxx61GSYD can be deployed into any managed security environment supporting the industry standard Opal SSC specification. The MKxx61GSYD model also provides features to support secure, role-based pre-boot access authentication such as that employed by the leading security management ISVs in their client security, enterprise client administration, and single-sign-on frameworks.
Reduced cost and simplicity: The MKxx61GSYD has built-in hardware encryption and, therefore, can help eliminate expenses associated with software encryption licenses. The built-in encryption also eliminates the need to escrow media encryption keys, reducing the complexity of key management.