Had this exact discussion with a customer just last week. Note that with SED or with IBM i Encrypted ASP enablement there is nothing to do to use the data within IBM i in an unencrypted state, it just 'is'. As was mentioned good only for 'mobile' drives.

Watched an interesting video on how to destroy SSDs. Effectively they had a device that looked like a small medieval torture device. Both the top and the bottom plates were festooned with a pattern of very thin very sharp spikes and holes. The SSD is placed between them and the spikes are driven from the top and bottom through the SSD until visible out the other side, then extracted.

The Manufacturer said the method was approved by the DOD as the spikes were in a tight enough pattern to be sure to obliterate all electronics and therefore all memory locations with certainty.

But one of these, with a 1,125 HP CAT would be faster :-)

- Larry "DrFranken" Bolhuis


On 2/14/2014 4:19 PM, Sue Baker wrote:

This is a false sense of security. Data encrypted at rest
simply means that if someone gets their grubby mitts on a device
they cannot read it without first acquiring the key. Something
that is good for personal devices but not necessarily so good
for corporate servers. Most corporate servers have some level
of physical security making it a very low odds item to have hard
drives or SSD take a wander.

What sends chills down my spine is people believing that SEDs or
encryption of data at rest somehow protects the data from
individuals who have no business accessing the data. In other
words, the data can be easily read, downloaded, etc. by anyone
who can log on to the system. Which means in many cases, it can
be downloaded to the oh so insecure laptop and ....... well, I
think you get the picture.

This thread ...


Return to Archive home page | Return to MIDRANGE.COM home page