As cyberattacks grow more sophisticated, advanced encryption tools and technologies are becoming an increasingly popular defense against intrusion.
In this blog, you’ll learn more about the different vendors of self-encrypting drives (SEDs) and their unique benefits to protect your HPC systems at the highest level.
What are self-encrypting drives?
Self-encrypting drives (SEDs) are hard disk drives (HDDs) or solid-state drives (SSDs) that automatically encrypt and decrypt drive data without user input or disk encryption software.
Outside of the consumer market, SEDs are being increasingly adopted for use in government and military applications. These applications usually require an added layer of security in the form of the NIST’s FIPS 140-2 certification.
What is driving the demand for self-encrypting drives?
Traditional username and password combinations are proving to be relatively ineffective, as cybercriminals are finding ways to gain access to sensitive and classified information through tactics backed by social engineering and artificial intelligence.
In the face of these advanced attacks, customers are vocalizing their need for SEDs and other advanced cybersecurity technologies for mission-critical applications to improve data protection at the hardware level.
Different vendors of self-encrypting drives
Here are some recommendations for vendors of self-encrypting drives, many of whom are partnered with Trenton to help enhance the cybersecurity capabilities of our high-performance computing solutions.
These drives are perfect for Department of Defense (DoD), federal government, and critical infrastructure applications.
CDSG’s CITADEL FIPS 140-2 certified self-encrypting SSDs are integrated hardware solutions that are compatible with systems such as Windows, Linux, and hypervisors like SecureView.
CITADEL SEDs integrate pre-tested multi-factor authentication, pre-boot authentication, and hardware encryption. This enables data-at-rest security solutions to be built with standard laptops, desktops, and tactical servers.
The built-in pre-boot authentication unlocks access to the encrypted operating system or virtual machine on the CITADEL SSD, as well as the data stored there.
The secured data is encrypted by the NSA-approved Advanced Encryption Standard (AES) 256-bit encryption at the hardware level. Once booted, CITADEL allows no-overhead, hardware-speed access to encrypted data at the full performance of the system.
The disk encryption key (DEK) is never present in the computer’s processor or memory, where it would be vulnerable to hacker attacks.
The key used to encrypt and decrypt is securely stored on the drive only, and it is encrypted with Advanced Technology Attachment (ATA) passwords, so it is accessible to the drive only after successful user authentication. Without the key, the data remains encrypted on the media.
The user authenticates by supplying the ATA user password, which is checked within the SED. Because the SED is isolated from the operating system (OS), attacks on the OS cannot affect an SED’s boot process.
MEMKOR SEDs are military-grade, FIPS 140-2 certified drives designed with MIL-STD-180F/G specifications in mind. They are built to meet requirements such as extreme performance, minimal power consumption, or prioritized user data protection, and they are deployed in a variety of applications.
Here are six kinds of MEMKOR SEDs:
- M+ Secure: M+ Secure drives support a variety of SED management functions, such as ATA Commands, TCG (Trusted Computing Group) Opal, and TCG Enterprise, all of which ensure data security for storage deployment.
- M+ Rugged: All industrial SSDs are built using a special bill of materials (BOM). M+ Rugged (Extra Rugged) drives can operate at high altitude, extended temperatures, and a vibration of up to 16.3 GRMS.
- M+ Capacity: M+ Capacity drives offer the highest-density and highest-capacity solid-state storage in either standard or proprietary form factors, with up to 24 TB of solid-state storage.
- Performance: Performance drives enable high-throughput real-time data recording, video streaming, cloud computing, and large database and transaction processing applications. Firmware can be optimized for application-specific minimization of latencies and smooth handling of bursts of data.
- Smallest form factor: MEMKOR ORANGE drives include a number of small form factor SSDs suitable for deployment and embedded storage in compact mission, industrial, and medical computers.
- Legacy embedded flash: Legacy embedded flash drives are solid-state storage solutions designed as a drop-in replacement for legacy computers that use traditional rotational or flash-based drives.
NGD NVMe SEDs are computational storage drives that offer a significant performance boost to mission-critical AI/ML/DL applications in real time.
These self-encrypting drives manage massive amounts of drive data locally by bringing compute resources to the drives themselves, reducing data movement and the processing burden on a host server’s or workstation’s memory and CPUs.
They are particularly useful for large data sets and latency-sensitive applications that require immediate, actionable insights.
Seagate FIPS 140-2 certified SEDs like the Exos X Series Hard Drives are designed to protect data-at-rest and reduce IT costs.
Seagate Instant Secure Erase makes all data on the hard drive unreadable in less than a second via a cryptographic erase of the data encryption key to securely return, reuse, or dispose of the drive.
Auto-Lock automatically locks the drive and secures its data the instant a drive is removed from a system, or the moment the drive or system is powered down.
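The key handling described in the sections above (a DEK stored on the drive wrapped under the user's password, locking on power-down, and cryptographic erase by replacing the DEK) can be modeled in a few lines. This is an added example, not vendor firmware or code from any product named here; the class and method names are hypothetical, PBKDF2 password stretching is an assumption, and a toy HMAC-based keystream stands in for the drive's AES-256 hardware.

```python
import hashlib, hmac, secrets

def _stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy HMAC-SHA256 keystream cipher, a stand-in for the drive's AES-256 engine."""
    pad = b"".join(hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

class ModelSED:
    """Simplified SED key-handling model; PBKDF2 stretching is an assumption."""
    def __init__(self, password: str):
        self._media = {}   # sector number -> ciphertext actually stored on the media
        self._dek = None   # plaintext DEK exists only inside the drive while unlocked
        self._store_wrapped(secrets.token_bytes(32), password)

    def _keys(self, password: str):
        k = hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000, dklen=64)
        return k[:32], k[32:]   # (wrapping key, MAC key)

    def _store_wrapped(self, dek: bytes, password: str):
        self._salt = secrets.token_bytes(16)   # fresh salt, so a fresh wrapping key
        kek, mac_key = self._keys(password)
        self._wrapped = _stream_xor(kek, b"wrap", dek)
        self._tag = hmac.new(mac_key, self._wrapped, hashlib.sha256).digest()

    def unlock(self, password: str) -> bool:
        kek, mac_key = self._keys(password)
        tag = hmac.new(mac_key, self._wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._tag):
            return False   # wrong password: the DEK is never unwrapped
        self._dek = _stream_xor(kek, b"wrap", self._wrapped)
        return True

    def lock(self):
        self._dek = None   # models power-down or removal from the system

    def _crypt(self, sector: int, data: bytes) -> bytes:
        if self._dek is None:
            raise PermissionError("drive is locked")
        return _stream_xor(self._dek, sector.to_bytes(8, "big"), data)

    def write(self, sector: int, data: bytes):
        self._media[sector] = self._crypt(sector, data)
    def read(self, sector: int) -> bytes:
        return self._crypt(sector, self._media[sector])

    def crypto_erase(self, password: str):
        # New DEK replaces the old one; old ciphertext stays on the media, undecryptable.
        self._store_wrapped(secrets.token_bytes(32), password)
        self._dek = None
```

After `crypto_erase`, the drive still unlocks with the password, but reads of previously written sectors return unrelated bytes because the key that produced that ciphertext no longer exists.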
Self-encrypting drives help thwart unauthorized access and protect data-at-rest, data-in-use, and data-in-transit.
Tech companies like Intel, CDSG, MEMKOR, NGD Systems, and Seagate take different approaches to securing sensitive and classified information within hard-disk or solid-state drives for a variety of military and government applications.
Incorporating self-encrypting drives can provide customers with solutions for their programs and applications that protect data integrity when it matters most.