Superiority of Self-Encryption over software encryption
Indirect encryption solutions for stored data are used today because that is what has historically been available. These indirect methods include host-based software, especially for laptops, where every read and write to storage has to pass through the software application. The storage industry is now vigorously adopting the direct, hardware-based self-encryption solution recently specified by the TCG, with contributions from all the major storage vendors.
If only the storage industry had thought of this approach sooner, the indirect methods probably would never have appeared. Now the IT industry faces a methodical migration to self-encryption as part of the normal component replacement cycle. The migration is worth the effort, because self-encrypting drives (SEDs) have properties that software solutions lack:
- Transparency: SEDs come from the factory with the encryption key already generated on board. An SED is an encrypting drive right out of the box.
- Ease of management: no encryption key to manage.
- Life-cycle costs: the cost of an SED is folded into the initial drive cost. Software, by contrast, has a continuing life-cycle cost from licensing and upgrades as well as day-to-day management.
- Disposal or re-purposing cost: with an SED, simply erase the on-board encryption key and the drive is "erased". With the only copy of the key gone, no one can read the encrypted data.
- Re-encryption: with an SED there is never a need to re-encrypt the data, since the encryption key is never changed throughout the active life of the drive.
- Performance: no degradation in SED performance; the encryption operates at channel speed. Can't say that about software!
- Standardization: the whole drive industry is building to the TCG SED specifications, providing interoperability and competition and thus driving down cost.
- No interference with upstream processes such as data compression and de-duplication: the encrypt/decrypt function is performed inside the drive, whereas host software solutions can interfere with such processes.
SEDs possess other superior properties when compared to software solutions, which you can discover by seriously considering an evolution of your storage infrastructure to self-encryption.
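To make the transparency, credential-change and crypto-erase points above concrete, here is a small constructed model of a self-encrypting drive. It is an added example written for this article, not vendor firmware or TCG reference code. It assumes the TCG Opal layout in which a factory-generated data encryption key (DEK) never leaves the drive and any user credential merely wraps that key; the HMAC-SHA256 keystream is a stand-in for the drive's AES engine and the class, method and sector names are all hypothetical.

```python
# Constructed model of a self-encrypting drive for illustration only.
# The HMAC-based keystream stands in for the drive's AES engine; it is not
# a real cipher and must not be used to protect data.
import hashlib
import hmac
import os

KEY_LEN = 32
WRAP_LBA = 2**64 - 1  # reserved counter value used only when wrapping the DEK


def _keystream(key: bytes, lba: int, length: int) -> bytes:
    """CTR-style toy keystream: HMAC-SHA256(key, lba || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = lba.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SimulatedSED:
    def __init__(self) -> None:
        # DEK generated at "manufacture"; the host only ever sees ciphertext.
        self._dek = os.urandom(KEY_LEN)
        self._media = {}          # lba -> ciphertext actually stored on media
        self._salt = os.urandom(16)
        self._wrapped_dek = None  # None: locking not enabled (out-of-box state)
        self._verify_tag = None

    def _kek(self, credential: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", credential, self._salt, 100_000, KEY_LEN)

    # --- host I/O path: encryption is always on and invisible to the host ---
    def is_locked(self) -> bool:
        return self._dek is None

    def write(self, lba: int, plaintext: bytes) -> None:
        if self.is_locked():
            raise PermissionError("drive locked")
        self._media[lba] = _xor(plaintext, _keystream(self._dek, lba, len(plaintext)))

    def read(self, lba: int) -> bytes:
        if self.is_locked():
            raise PermissionError("drive locked")
        ct = self._media[lba]
        return _xor(ct, _keystream(self._dek, lba, len(ct)))

    def raw_sector(self, lba: int) -> bytes:
        """What someone reading the platters or flash directly would see."""
        return self._media[lba]

    # --- key management: a credential wraps the DEK; the DEK never changes ---
    def enable_locking(self, credential: bytes) -> None:
        if self.is_locked():
            raise PermissionError("drive locked")
        kek = self._kek(credential)
        self._wrapped_dek = _xor(self._dek, _keystream(kek, WRAP_LBA, KEY_LEN))
        self._verify_tag = hmac.new(self._dek, b"verify", hashlib.sha256).digest()

    def power_cycle(self) -> None:
        # With locking enabled, the plaintext DEK is forgotten at power loss.
        if self._wrapped_dek is not None:
            self._dek = None

    def unlock(self, credential: bytes) -> bool:
        if self._wrapped_dek is None:
            return True  # locking never enabled: transparent out-of-box state
        kek = self._kek(credential)
        cand = _xor(self._wrapped_dek, _keystream(kek, WRAP_LBA, KEY_LEN))
        tag = hmac.new(cand, b"verify", hashlib.sha256).digest()
        if not hmac.compare_digest(tag, self._verify_tag):
            return False
        self._dek = cand
        return True

    def change_credential(self, old: bytes, new: bytes) -> None:
        # Only the wrapper changes; no sector is rewritten, so no re-encryption.
        if not self.unlock(old):
            raise PermissionError("bad credential")
        self.enable_locking(new)

    def crypto_erase(self) -> None:
        # Discard the only copy of the DEK (authorization assumed already
        # checked): the untouched ciphertext on media becomes unrecoverable.
        self._dek = os.urandom(KEY_LEN)
        self._wrapped_dek = None
        self._verify_tag = None


if __name__ == "__main__":
    drive = SimulatedSED()
    drive.write(7, b"payroll")
    print("out-of-box read:", drive.read(7), "media:", drive.raw_sector(7).hex())
    drive.crypto_erase()
    print("after crypto-erase:", drive.read(7))
```

Two details of the model are the ones worth carrying over to real deployments: an SED encrypts from the first write, but out of the box nothing stops a read, so the transparency the article describes only turns into protection once a locking credential is set; and changing that credential re-wraps the on-board key without touching a single sector, which is exactly why the "no re-encryption" point holds.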