Had this exact discussion with a customer just last week. Note that with
SED or with IBM i Encrypted ASP enablement there is nothing to do to use
the data within IBM i in an unencrypted state, it just 'is'. As was
mentioned, good only for 'mobile' drives.

Watched an interesting video on how to destroy SSDs. Effectively they
had a device that looked like a small medieval torture device. Both the
top and the bottom plates were festooned with a pattern of very thin,
very sharp spikes and holes. The SSD is placed between them and the
spikes are driven from the top and bottom through the SSD until visible
out the other side, then extracted.

The manufacturer said the method was approved by the DOD as the spikes
were in a tight enough pattern to be sure to obliterate all electronics
and therefore all memory locations with certainty.

But one of these, with a 1,125 HP CAT would be faster :-)

- Larry "DrFranken" Bolhuis

On 2/14/2014 4:19 PM, Sue Baker wrote:
This is a false sense of security. Data encrypted at rest
simply means that if someone gets their grubby mitts on a device
they cannot read it without first acquiring the key. Something
that is good for personal devices but not necessarily so good
for corporate servers. Most corporate servers have some level
of physical security making it a very low odds item to have hard
drives or SSDs take a wander.

What sends chills down my spine is people believing that SEDs or
encryption of data at rest somehow protects the data from
individuals who have no business accessing the data. In other
words, the data can be easily read, downloaded, etc. by anyone
who can log on to the system. Which means in many cases, it can
be downloaded to the oh so insecure laptop and ... well, I
think you get the picture.