A few years ago, I boldly predicted that PC encryption would go through a technical transition. My instincts told me that software-based encryption from companies like PGP, McAfee (SafeBoot), and Check Point Software (PointSec) would be usurped by laptops and desktops with standards-based (i.e., TCG standards) Self-Encrypting Drives (SEDs).
This seemed like a “no brainer” based upon industry history. For years new Intel chips would include new functionality, as did each Windows release. If encryption came as a standard feature on Seagate, Hitachi, Fujitsu, and Western Digital drives, it was logical that this would become the default configuration. Besides, SEDs are faster and more secure than software, so regulatory compliance activity was sure to add fuel to the SEDs fire.
Fast forward to 2010 and I readily admit that my timing was off. Check Point, McAfee, PGP, and others continue to sell tons of software encryption licenses while few have adopted self-encrypting drive-based systems. Why?
So does all this mean that SEDs are dead? Not at all. In fact there may be a SEDs renaissance any time now. The reason is simple. Some software-based encryption doesn’t protect data if PCs are in “sleep” or “hibernate” mode. Given the start-up time of Windows, many users take full advantage of sleep/hibernate modes, so this is a serious hole. Combine this with the fact that many organizations provide users with administrator access to their PCs and you’ve got a real problem — you can’t claim that a lost or stolen PC was actually protected if this loophole — and user behavior — exists.
Since SEDs overcome this issue, lawyers, auditors, and compliance officers may demand that new PCs come with self-encrypting drives onboard. Sounds extreme, but security-oriented purchasing behavior is already pretty pervasive.
From a security perspective, SEDs are a great option. Combine this with regulatory and litigation pressure and they may gain momentum after all. Software vendors take note, you may be dragged into supporting SEDs sooner than you think.
Related posts:
Tags: Dell, encryption, Laptop, PC, Self-encrypting drives
Name (required)
Mail (will not be published) (required)
Website
Your email: