willettworks.com

Self-Encrypting Storage

Self-Encrypting Drives tutorial at SNIA/SNW Fall 2009 in Phoenix

Michael Willett presented an invited tutorial on Self-Encrypting Drives at the SNIA/SNW Fall 2009 Conference in Phoenix on 12 Oct 2009. The charts are available at:

http://www.snia.org/education/tutorials/2009/fall/security/MichaelWillett-Self_Encrypting_Drives-FINAL.pdf

Identity Management 2009

Identity Management 2009:  "Transparent Government - Risks, Rewards, Repercussions"
Date:  29 & 30 September
Location: NIST Gaithersburg, Maryland Facility
Event website: http://events.oasis-open.org/home/forum/2009

Produced by OASIS

OASIS is pleased to announce that Dr. Michael Willett will be representing the ISTPA and WillettWorks at our upcoming conference on 29-30 September 2009. The title of his talk will be "Implementation of Privacy Management Throughout the Life Cycle of Personal Information". 

An early-bird discount, as well as a substantial OASIS member discount, are available. If you or any of your co-workers would like to take advantage of these savings, please register using the on-line registration form (http://events.oasis-open.org/home/forum/2009/registration) or contact OASIS directly at events@oasis-open.org.

As national and international governments endeavor to provide open, transparent and trusted services, the challenges of managing citizens’ identities and access to information require careful planning, a strong policy focus, and attention to standards and interoperability.

Identity Management 2009 will provide users who are evaluating or looking to deploy security infrastructures with an opportunity to explore the state-of-the-art in security services, standards and products. It will also offer users the opportunity to present and share their use cases, requirements and experiences with some of the leading experts in this field.

For registration information, including registration discounts, special hotel rates, or to see a full conference program -- please visit the conference website (http://events.oasis-open.org/home/forum/2009)  or email us at events@oasis-open.org.

We look forward to seeing you this September in Gaithersburg!

Superiority of Self-Encryption over software encryption

Indirect encryption solutions for stored data are used today because that is what has been available historically. These indirect methods include host-based software, especially for laptops. All reads/writes to storage have to go indirectly through the software application. But, the storage industry is vigorously adopting the direct, hardware-based, self-encryption solution that has recently been specified by the TCG, with contribution from all the major storage vendors.

If only the storage industry had thought of this approach sooner, the indirect methods probably would not have appeared. Now, the I.T. industry faces a methodical migration to self-encryption, as part of the normal component replacement cycle. The migration is worth the effort, due to the superior properties of self-encrypting drives (SED) when compared to software solutions:

   - transparency: SEDs come from the factory with the encryption key already generated on board.
     An SED is an encrypting drive right out of the box.

   - ease of management: No encrypting key to manage.

   - life-cycle costs: The cost of an SED is pro-rated into the initial drive cost. Conversely,
     software has a continuing life cycle cost, due to software licensing and upgrades,
     as well as day-to-day management costs.

   - disposal or re-purposing cost: With an SED, simply erase the on-board encryption key
     and the drive is "erased". With the only copy of the key gone, no one can read the encrypted data.

   - re-encryption: With SED, there is no need to ever re-encrypt the data, since the encryption key
     is never changed throughout the active life cycle of the drive.

   - Performance: No degradation in SED performance; the encryption operates at channel speeds.
     Can't say that about software!

   - Standardization: The whole drive industry is building to the TCG/SED Specs, providing for interoperability
     and competition, and thus driving down cost.

   - No interference with upstream processes like data compression and de-duplication:
     The encrypt/decrypt function is performed inside the drive. Software solutions on the host can interfere
     with such processes.
        
SEDs possess other superior properties when compared to software solutions, which you can discover by seriously considering an evolution of your storage infrastructure to self-encryption.

Rationale for Self-Encrypting Storage

Self-encrypting hard drives (SED) integrate the AES encryption hardware and strong access control directly into the drive electronics and thus avoid many of the vulnerabilities of software-based solutions. SED protects against computer loss or theft and facilitates computer re-purposing and end-of-life. By deleting the cryptographic key under strong administrative access control, the drive can be instantly “sanitized”. SED satisfies the encryption safe harbor exemption in breach notification laws. SED has been standardized across the storage industry, from the laptop to the data center, and products are now available from all the major storage vendors.
