Matt Olson <Matt.Olson@xxxxxxxx> wrote on Fri, 14 Feb 2014:
> purchase SED drives (self encrypting drives) and you can just
> wipe the drive clean in milliseconds by destroying the crypto
> key on the drive. Software based encryption on the host is a
> dead technology in my opinion.

This is a false sense of security. Data encrypted at rest
simply means that if someone gets their grubby mitts on a device
they cannot read it without first acquiring the key. Something
that is good for personal devices but not necessarily so good
for corporate servers. Most corporate servers have some level
of physical security making it a very low odds item to have hard
drives or SSDs take a wander.

What sends chills down my spine is people believing that SEDs or
encryption of data at rest somehow protects the data from
individuals who have no business accessing the data. In other
words, the data can be easily read, downloaded, etc. by anyone
who can log on to the system. Which means in many cases, it can
be downloaded to the oh so insecure laptop and ....... well, I
think you get the picture.