Tech Tip #9: The Role of SEDs in Data Management
The loss of data is a concern for pretty much everyone. It can affect you and your business in many ways. Being unable to find data can keep you from calling people, treating patients, producing products, filling orders, sending invoices, and much more. Taking measures to keep this from happening is a prudent step toward avoiding computer network downtime and having peace of mind. So what is the secret to success?
One effective step you can take is incorporating Self-Encrypting Drives (SEDs). Unlike a standard Hard Disk Drive (HDD), an SED has a circuit built into the drive's controller chip. The circuit encrypts all data that is processed through the drive, eliminating the need for the third-party software you would use to encrypt your data on standard HDDs.
SEDs work with two keys: the Media Encryption Key (MEK) and the Key Encryption Key (KEK). These keys work in tandem to encrypt the drive. The MEK is the key that encrypts and decrypts the drive, and it is set at the factory. The KEK is a key you set during the configuration of your system; its job is to encrypt and decrypt the MEK. Without the KEK you set during the initial setup, there is no way for the drive to decrypt the MEK, and as a result your data becomes unrecoverable.
Benefits of SEDs:
- Limit Attack Surface - SEDs enable you to limit the attack surface of the encryption. Encryption is all done locally on the drive, and nothing is processed within the processor or RAM. The process is also completely transparent to the user outside of providing the KEK. Furthermore, no applications or programs need to be run locally within the Operating System.
- Secure Erase in Seconds - SEDs give you the ability to Instant Secure Erase a drive within seconds rather than hours. It clears the KEK and resets the encryption, effectively wiping the drive. It saves hours, especially for businesses that wipe drives prior to reuse or destruction. By running the instant secure erase command, you effectively change the key used to decrypt the drive, rendering all the previous data unrecoverable.
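The MEK/KEK relationship and the Instant Secure Erase behavior described above can be modelled in a short Python sketch. This is an added example, not code from Velocity Tech Solutions or any drive vendor: the `ModelSED` class, its method names, and the KEK values are hypothetical, and an HMAC-SHA256 keystream stands in for the drive's hardware encryption circuit so the model runs with the standard library only.

```python
import hashlib
import hmac
import secrets

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, not the drive's real algorithm.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class ModelSED:
    """Software model of an SED's key hierarchy (hypothetical names throughout)."""

    def __init__(self, kek: bytes):
        self._sectors = {}  # lba -> (nonce, ciphertext)
        self._store_mek(secrets.token_bytes(32), kek)  # MEK generated "at the factory"

    def _store_mek(self, mek: bytes, kek: bytes) -> None:
        nonce = secrets.token_bytes(16)
        wrapped = _xor_stream(kek, nonce, mek)
        tag = hmac.new(kek, nonce + wrapped, hashlib.sha256).digest()
        self._wrapped_mek = (nonce, wrapped, tag)  # the MEK is only ever kept wrapped

    def _unwrap_mek(self, kek: bytes) -> bytes:
        nonce, wrapped, tag = self._wrapped_mek
        expected = hmac.new(kek, nonce + wrapped, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise PermissionError("wrong KEK: the MEK cannot be decrypted")
        return _xor_stream(kek, nonce, wrapped)

    def write(self, kek: bytes, lba: int, data: bytes) -> None:
        nonce = secrets.token_bytes(16)
        self._sectors[lba] = (nonce, _xor_stream(self._unwrap_mek(kek), nonce, data))

    def read(self, kek: bytes, lba: int) -> bytes:
        nonce, ciphertext = self._sectors[lba]
        return _xor_stream(self._unwrap_mek(kek), nonce, ciphertext)

    def change_kek(self, old_kek: bytes, new_kek: bytes) -> None:
        # Only the small wrapped MEK is rewritten; no sector is re-encrypted.
        self._store_mek(self._unwrap_mek(old_kek), new_kek)

    def instant_secure_erase(self, new_kek: bytes) -> None:
        # The old MEK is discarded; the ciphertext stays on the media but is undecryptable.
        self._store_mek(secrets.token_bytes(32), new_kek)
```

In this model both `change_kek` and `instant_secure_erase` touch only the stored key material, which is why they complete in constant time regardless of how much data the drive holds.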
A deployment strategy with SEDs should be a well-thought-out plan. SEDs are useful when you pay the right attention to the specific security problems they mitigate, but they are not by themselves a defense against data theft or loss, nor are they by themselves a compliance procedure.
Security is a process, not a product, and while you can buy products that make the process easier, the majority of the heavy lifting is still yours to do. With SEDs, the only way to protect against data theft is always the combination of firewalls, SEDs, actual eyes-on monitoring (not just software), and annual, biannual, or monthly penetration testing.
Remember, the hack comes before the fix. Although the costs are high for security, how much would a breach or theft cost?
Find additional Velocity Tech Solutions Tech Tips at #VTStechtips