Feb 23 2007

Protecting Your Loved Ones

Avoid the journey into legal liability land by exiting at the next signpost — encrypted drives.

We love our notebooks. They let us take our computing resources where we need to go, but with that portability comes risk — not only because notebooks are easy to lose but because stealing them has become an epidemic. But the loss of the machines isn’t the real risk; it’s the loss and potential abuse of the stored data and the consequent legal exposure that are the real dangers.

The obvious answer is to encrypt the data. A number of solutions are available, but the problem is that all of them rely on adding software to Windows. This means that no matter how stable the encryption software, its interaction or interference with other software running on the machine could disable the application and render data inaccessible. Another issue with strong or practically unbreakable encryption is that it’s also computationally expensive and reduces a computer’s performance.

A better encryption approach might be DriveTrust technology from Seagate Technology. DriveTrust code is added to the disk drive firmware to encrypt and decrypt data on the fly. A drive’s firmware is a more stable software environment than Windows encryption software, and the drive’s on-board processor can handle the encryption/decryption workload.

The Whole Shebang

DriveTrust-enabled “hard drives contain full-fledged computing environments — a processor; many megabytes of RAM; a multitasking operating system; dedicated, private magnetic storage; and specialized code to manage drive functions,” says Scott Shimomura, senior product marketing manager for Seagate. “These internal operations are sealed off from other computing resources, making the drive an ideal place for securing information.”

The DriveTrust technology requires users to enter a code before booting the notebook operating system. This prevents malware that could run after booting from either disabling the DriveTrust encryption services or snooping for the password.

DriveTrust also locks the drive to a specific computer, preventing data copying if the drive is removed or installed in another system.

An important bonus is that DriveTrust not only protects disk content, it’s easy to remove data without having to do multiple overwrites because the content is always encrypted. You simply reformat the disk, and you’ll still meet the privacy requirements of legislation such as the Health Insurance Portability and Accountability Act.

Seagate is including DriveTrust technology on its Momentus 5400.2 line of 2.5-inch, 5400-RPM drives. The drives are available in 80-gigabyte, 120GB and 160GB capacities and can transparently replace any notebook’s Ultra ATA/100 or Serial ATA drives. Deploying them is as simple as removing the existing drive and replacing it with a Momentus 5400 FD.2 drive.

Because the Momentus drives are completely transparent to the notebook’s operating system, the DriveTrust technology will work with all versions of Windows, including Vista, and also with Linux.

CEO Takeaway
To maximize the value of migration to encrypted notebook drives, three issues require management oversight:

• Whenever possible, avoid putting sensitive data on mobile computers.
• Determine where mobile machines can be used and why.
• Plan a scaled rollout to replace drives in notebook systems at the greatest risk first.