I'm purely talking data at rest security here.
Lots of vendors out there selling software-based solutions to encrypt your data at rest. My point is, most of them are worthless IMHO with the advent of hardware-level encryption that is built into SED drives.
If I had my choice between NON-SED drives and SED drives (in any environment, enterprise or otherwise), I would always pick SED drives, wouldn't you?
From: Sue Baker [mailto:sue.baker@xxxxxxxxxx]
Sent: Friday, February 14, 2014 3:19 PM
Subject: RE: Security and SSD
Matt Olson <Matt.Olson@xxxxxxxx> wrote on Fri, 14 Feb 2014
purchase SED drives (self encrypting drives) and you can just wipe the
drive clean in milliseconds by destroying the crypto key on the drive.
Software based encryption on the host is a dead technology in my
This is a false sense of security. Data encrypted at rest simply means that if someone gets their grubby mitts on a device, they cannot read it without first acquiring the key. Something that is good for personal devices but not necessarily so good for corporate servers. Most corporate servers have some level of physical security, making it a very low odds item to have hard drives or SSDs take a wander.
What sends chills down my spine is people believing that SEDs or encryption of data at rest somehow protects the data from individuals who have no business accessing the data. In other words, the data can be easily read, downloaded, etc. by anyone who can log on to the system. Which means in many cases, it can be downloaded to the oh-so-insecure laptop and ... well, I think you get the picture.
IBM Americas Advanced Technical Skills (ATS) Power Systems Rochester, MN
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list. Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l