New disk encryption standards could complicate data recovery
So, what do you do if you lose your password?
Computerworld - When the world's largest disk-makers joined last week to announce a single standard for encrypting disk drives, the move raised questions among users about how to deal with full-disk encryption once it's native on all laptop or desktop computers.
For example, what happens if a user loses a password -- essentially leaving the drive filled with data that can no longer be unencrypted? Or what if a drive becomes corrupted or damaged, the data has to be recovered by a third party -- and your password is on the drive?
"Then you have just killed yourself," said Dave Hill, an analyst at research firm Mesabi Group.
The Trusted Computing Group (TCG), made up of disk hardware and software vendors, last week published three encryption specifications to cover storage devices in consumer laptops and desktop computers as well as enterprise-class drives used in servers and disk storage arrays.
Some industry observers believe that within five years, all disk drive manufacturers will be offering drives -- both hard disk and solid-state disk -- that use the specifications for firmware-based encryption.
While enterprises using drives with full-disk encryption, such as the Seagate Momentus 5400 FDE.2 drive or Fujitsu's 2.5 7200rpm self-encrypting drive, would monitor them through a central access administrator with a master password to unencrypt, consumers purchasing laptops or desktops with drives would face a more daunting scenario: They would need to either back up their data and their passwords, or lose their drives and data.
Robert Thibadeau, chief technologist at Seagate Technology LLC and chairman of the TCG, said the current disk-encryption specifications allow users to create more than one password to access data, so that if a user were to lose one, he could still access his hard drive with a backup password.
"Furthermore, with some password settings, you can provide a password that allows erasure so you can put the drive back into use, but the data will be gone," Thibadeau said.
If a drive were to become corrupted or the hardware damaged and a data recovery firm needed to retrieve a user's disk, Thibadeau said, the recovery firm could use the password to recover data from the damaged hardware. The TCG is also working with data recovery firms to create a technique that would allow them to recover encrypted data on drives using the standards, without requiring a user password.
Currently, however, if a user loses his password and a drive becomes damaged or corrupted, the data is not recoverable, Thibadeau admitted.
David Virkler, CIO at AdaptaSoft Inc., a payroll systems software and services company, said that administration of drives with hardware-based encryption is easy and that he has seen no I/O slowdown. Virkler installed Seagate's self-encrypting, 2.5-in. Momentus 5400.2 drives in October 2007 on his company's Dell laptops in order to protect customer financial data that his company often deals with in its service capacity. He paid a $40 premium for each self-encrypting drive, spending about $120 total for each 80GB drive.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Using VM Archiving to Solve VM Sprawl This CommVault whitepaper discusses how archiving virtual machines can mitigate VM sprawl with a comprehensive approach to VM lifecycle management.
- Keep Your Network Available, Efficient and Secure Make the most of your network by working with experts who "get it." CDW and F5 have partnered to keep networks highly optimized....
- VCE Converged Infrastructure Enables Continuous Operation for Swiss Power Plant Read how Vblock™ Systems, running in active-active mode, enabled KKL to transform its twin data centers in just two months, enable continuous operations,...
- The Future of IT: A Customer First Approach Explore how customer-first policies can make use of social, mobile and cloud technologies to give workers the freedom and flexibility they desire to...
- Make or Break: New Auto Products Must Go To Market On Time This Webcast quantifies the value of time to market for the auto industry and highlights how Primavera Enterprise Portfolio Management can help organizations.
- IBM Flash Webcast: Optimizing your Datacenter for Efficient Storage & ROI Register for this webcast to learn the benefits of flash storage from IBM Customer, Leonardo Irastorza of Royal Caribbean Cruise Ltd and Storage... All Data Storage White Papers | Webcasts