Toshiba Storage Device Division (SDD), the pioneer in small form factor hard disk drives (HDDs), today announced a 7,200 RPM 2.5-inch (6.4cm) Self-Encrypting Drive (SED) that provides government-grade AES-256 hardware encryption incorporated in the disk drive’s controller electronics. The MKxx61GSYD is the newest addition to the Toshiba family of drives designed for commercial notebooks and security-sensitive applications, including shared desktop PCs. The drive’s built-in hardware encryption offers benefits that go beyond software encryption.
Based on the Opal Security Subsystem Class (Opal SSC) specification from the Trusted Computing Group (TCG), the new Toshiba SED enables secure and quick deployment of encryption on notebook and desktop PCs to protect confidential information. Many organisations are taking steps to comply with security policies and new laws governing data privacy. The SED technology from Toshiba helps IT departments to achieve strong, cost-effective security without interrupting business flow or impacting application performance.
SEDs designed to the Opal SSC specification provide advanced access authentication and built-in hardware data encryption. Because it is an open industry standard, Opal encourages broad support from both security solutions vendors and SED makers – enabling seamless management of most deployments that support both pre-existing software encryption and Opal SSC-specified SED storage. SEDs designed to the Opal specification help organisations easily and cost-effectively protect data from theft or unauthorised access, while easing the administrative burdens associated with re-purposing, or retiring client systems and data storage.
The MKxx61GSYD provides organisations with a range of benefits, including:
- Stronger security: The Toshiba MKxx61GSYD provides AES-256 encryption, built into the drive’s electronics hardware. This government-grade encryption increases security for data that resides on the storage media. The Toshiba AES-256 encryption algorithm implementation is certified by the US National Institute of Standards and Technology (NIST) through its Cryptographic Algorithm Validation Program (CAVP). In addition, access to the Toshiba MKxx61GSYD SED can be securely administered or disabled remotely, using capabilities such as those enabled by Intel’s Active Management Technology (AMT).
- Ease of deployment: With SED storage, the initial encryption of OS files, applications, and user data is performed at full I/O speeds by the SED as the data are transferred to the disk media. With software encryption, loading of the OS, applications and user data must be completed prior to reading and encrypting the same data within the PC’s system memory and re-writing the encrypted data back to the drive. This “re-encryption cycle” often takes hours and may create a security gap during initial system deployment. With SED drives, disk contents are encrypted as they are loaded, providing both a faster and more secure deployment process. These same advantages help to reduce IT support burdens when recovering or re-purposing a notebook or PC using SED storage.
- Compatibility: The MKxx61GSYD is compatible with leading third party security management applications for notebook and other client PCs. Recognising the need for stronger and more transparent deployment of encryption, leading independent software vendors (ISVs) have participated directly in the development of the TCG’s Opal SSC specification. As a result, Opal SSC is a broadly-supported industry standard with many security management software vendors supporting mixed environments of Opal SSC-compliant SEDs and legacy software encryption applications.
- Improved performance: Software encryption uses CPU cycles and system memory capacity, reducing the performance of applications. The hardware encryption built-into the MKxx61GSYD allows full storage I/O speeds, ensuring that users will experience no reduction in application performance due to background encryption processes.
- Transparency: Because SED security features are transparent to applications and operating systems, the MKxx61GSYD can be deployed into any managed security environment supporting the industry standard Opal SSC specification. The Toshiba MKxx61GSYD model also provides features to support secure, role-based pre-boot access authentication such as that which is employed by the leading security management ISVs in their client security, enterprise client administration, and single-sign-on frameworks.
- Reduced cost and simplicity: The MKxx61GSYD has built-in hardware encryption and therefore can help eliminate the expenses associated with software encryption licenses. The built-in encryption also eliminates the need to escrow media encryption keys, reducing the complexity of key management.
“Data is at the heart of business success, so it is critical that organisations are proactive in ensuring their valuable customer data does not fall into the wrong hands,” Martin Larsson, Vice President, Toshiba Europe, Storage Device Division. “Strong data encryption and access authentication provide the foundations for meeting the “safe harbour” provisions of privacy protection laws. The MKxx61GSYD helps businesses to protect their data assets by utilising the Opal SCC specification, a global standard which is broadly supported by leading security solutions providers. Users will benefit from richer security capabilities, in addition to optimum application performance.”
Larsson continued: “Toshiba’s close partnerships with the world’s leading independent security vendors ensures that Toshiba’s SED models can be integrated seamlessly with the most widely supported managed security environments. The MKxx61GSYD can be deployed and managed in the same way as existing software encryption solutions for client PCs. This means that businesses can quickly realise the practical benefits of drive-based encryption, without damage to any existing encryption software deployment they might have – assuring organisations of complete data protection.”
“Encryption standards established by organisations such as The Trusted Computing Group are making it significantly easier to deploy security solutions such as self-encrypted HDDs on portable PCs", said IDC industry analyst, John Rydning. "Toshiba is aiming squarely at the need for stronger data security by launching its new mobile 2.5-inch (6.4cm) HDD with AES 256 encryption embedded in the drive hardware, and designed to The Trusted Computing Group's Opal SSC specification."
Toshiba is shipping samples of the MKxx61GSYD now. Volume production is scheduled for Q1 2011.