MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » February 2014

RE: Security and SSD



fixed

I'm purely talking data at rest security here.

Lots of vendors out there selling software based solutions to encrypt your data at rest. My point is, most of them are worthless IMHO with the advent of hardware level encryption that is built into SED drives.

If I had my choice between NON-SED drives and SED drives (in any environment, enterprise or otherwise) I would always pick SED drives wouldn't you?

Matt



-----Original Message-----
From: Sue Baker [mailto:sue.baker@xxxxxxxxxx]
Sent: Friday, February 14, 2014 3:19 PM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: Security and SSD

Matt Olson <Matt.Olson@xxxxxxxx> wrote on Fri, 14 Feb 2014
16:00:45 GMT:

purchase SED drives (self encrypting drives) and you can just wipe the
drive clean in milliseconds by destroying the crypto key on the drive.
Software based encryption on the host is a dead technology in my
opinion.


This is a false sense of security. Data encrypted at rest simply means that if someone gets their grubby mitts on a device they cannot read it without first acquiring the key. Something that is good for personal devices but not necessarily so good for corporate servers. Most corporate servers have some level of physical security making it a very low odds item to have hard drives or SSD take a wander.

What sends chills down my spine is people believing that SEDs or encryption of data at rest somehow protects the data from individuals who have no business accessing the data. In other words, the data can be easily read, downloaded, etc. by anyone who can log on to the system. Which means in many cases, it can be downloaded to the oh so insecure laptop and ....... well, I think you get the picture.

--
Sue
IBM Americas Advanced Technical Skills (ATS) Power Systems Rochester, MN
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.







Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact