Self-encrypting Drives an Effective Method for Protecting SMB Data

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

I was reading a report at CrunchGear on the topic of erasing and recovering data from hard disk drives (HDD). The article, titled "Erasing And Recovering Hard Drives: An Increasingly Complicated Affair," tapped the expertise of a data recovery expert from DriveSavers to highlight the challenges of data recovery, and also talked about extricating data from solid-state drives (SSD) - an increasingly popular storage technology. DriveSavers is a leader in data recovery services and boasts of having the "most secure and reliable" data recovery services available.


A couple of interesting facts caught my attention:


  • 650 million hard drives are sold every year, with the price per gig still far better for HDDs.
  • As long as the platters are reasonably intact, drive recovery is simply a matter of "careful dissection and re-mounting" of the damaged disk drive.


Compared with HDDs, which through multiple mergers and acquisitions over the years have seen the industry essentially coalesce into mega players Western Digital and Seagate, the nascent SSD market is a very different story altogether. The report noted:

By DriveSavers' count, there are over 100 manufacturers of flash and SSD storage, and quite a few companies putting together drivers, interfaces, and other management software. It's a jungle out there.

As you can imagine, the breakneck pace of advancements and sheer number of SSD manufacturers make the task of data recovery a far more complex one. For example, wear-leveling techniques used to lengthen the usable life of flash memory means that data is often not written consecutively; the data is effectively rendered unrecoverable unless the pattern can be determined.


Protecting Your Data


While the article crystalized the challenge of performing data scrubs on HDD and SSD, it also underscored the best method of ensuring data security: using a self-encrypting drive. A self-encrypting drive encrypts data as it is being written into the storage device, and does the reverse as data is read from it. The obvious appeal of a self-encrypting drive is unobtrusive protection, versus having to perform the additional steps required for software implementations such as Microsoft's Bitlocker drive encryption.


In addition, a self-encrypting drive also makes it possible to achieve data security by simply wiping the encryption key from the disk drive. Certainly, this beats having to perform time-consuming data scrubs multiple times overnight, and then physically shredding the physical disk drive like how Google does it. Of course, the paranoid will probably still want to perform the latter two steps after deleting the encryption key.


The use of self-encrypting disks is still not common in many enterprises, much less small- and mid-sized businesses. Because of that, I'm curious about what steps SMBs have taken to guard their data against leakages and would love to hear from you on this front. Feel free to drop me an email or add a comment below.