Toshiba Launches Self-Encrypting Drives With Extra Security

The drives are the first that can also prevent access to the data they store after repeated failed log-ins or the device is removed.

Mathew Schwartz

April 15, 2011

2 Min Read
Network Computing logo

Toshiba on Wednesday announced that it will release the first-ever self-encrypting hard disk drives that can also be crypto-erased.

The new drives aren't self-erasing, but rather can perform a crypto erase, which deletes the key that's used to encrypt and decrypt the drive. At that point, encrypted data on the drive would be irretrievable, except for access by an administrator who also had a copy of the drive's key.

According to Toshiba, the new hard drives perform a check when powered on to ensure that they're interfacing with the correct piece of hardware. If that check fails, the drive can be set to "invalidate" all encrypted data stored on the drive. Data can also be invalidated after a set number of failed log-in attempts--for example, failing to enter the correct pre-boot password. Those are new capabilities. Other included capabilities, such as invalidating encrypted data via a command-line interface or every time drive power is cycled, were previously available on some Toshiba drives.

"Digital systems vendors recognize the need to help their customers protect sensitive data from leakage or theft," said Scott Wright, product manager for Toshiba's storage device division, in a statement. "Toshiba's security technologies provide designers of copiers, printers, PCs, and other systems with new capabilities to help address these important security concerns."

The new serial-ATA drives from Toshiba, known as model type MKxx61GSYG, will run at 7,200 RPM and offer formatted storage capacities ranging from 160 GB to 640 GB. For encryption, Toshiba said the drives comply with the Opal specification from the Trusted Computing Group. Stored data is encrypted using the 256-bit Advanced Encryption Standard (AES 256). Toshiba said the drives should be available by the middle of 2011.

Self-encrypting drives are now available from Hitachi, Samsung, and Seagate. Toshiba also began selling self-encrypting drives via its acquisition of Fujitsu's HDD business in late 2009. In terms of computer sellers, Dell in particular has been offering self-encrypting drives in its products for several years.

Demand for self-encrypting drives continues to increase, according to numerous research reports. In February 2011, Seagate announced that it had shipped one million self-encrypting drives to date. "Companies and government organizations worldwide increasingly are securing confidential information on self-encrypting hard drives, recognizing that this commonsense yet powerful approach simplifies the deployment of security for data at rest," said Charles Kolodgy, research director of security products for market researcher IDC, in a statement at the time.

Indeed, one of the primary attractions of self-encrypting hard drives is that they remove encryption from the hands of users--meaning that they can't deactivate it--while ensuring that it always remains on. Drive makers also say that their hardware-based approach to partial or full-disk encryption is faster than using encryption software running at the operating system level. One criticism of self-encrypting drives, however, has been their relatively high cost and--at least for earlier models--performance that seemed to degrade after extensive use.

About the Author(s)

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights