From businesses and governments to individuals, there is one thing today that everyone around the world shares: the need and desire to secure important personal and private information. Whether it is being stored or transported, data protection is absolutely essential. The financial and reputational cost of data breaches, hacking, and lost or stolen laptops/PCs can be astronomical.
To protect against malicious hackers and organisational data breaches, it is necessary to encrypt in-flight data as well as data at rest. Encryption provides a fortified layer of protection just in case unauthorised access is somehow granted to a computer network or storage device. In this event, the hacker cannot gain access to the data. Throughout this article, we focus on software-based encryption, Self-Encrypting Drives (SEDs for short) and a basic explanation of how SSD encryption works.
What is encryption?
In layman’s terms, encryption converts information entered in a digital device into blocks of meaningless-looking data. The more sophisticated the encryption process, the more illegible and undecipherable the encrypted data. Conversely, decryption changes the encrypted data back to its original form, rendering it readable again. Encrypted information is often referred to as cipher text while non-encrypted is referred to as plain text.
Software vs hardware encryption
Software encryption uses a variety of software programs to encrypt data on a logical volume. When a drive is first encrypted, a unique key is established and stored in computer memory. The key is encrypted with a user passphrase. When a user enters the passphrase, it unlocks the key and gives access to the unencrypted data on the drive. A copy of the key is also written to the drive. Software encryption operates as the middleman between the application reading or writing data and the device: when data is written to the drive, it is encrypted using the key before it is physically committed to the disk. When data is read from the drive, it is decrypted using the same key before being presented to the program.
While software encryption is cost effective, it is only as secure as the device it is used on. If a hacker cracks the code or password, your encrypted data is exposed. Also, since encryption and decryption are done by the processor, the entire system slows down. Another vulnerability of software encryption is that upon system boot, the encryption key is stored in computer memory, making it a target for low-level attacks.
Self-encrypting drives (SEDs) use hardware-based encryption, which takes a more holistic approach to encrypting user data. SEDs have an onboard AES encryption chip that encrypts data before it is written and decrypts it before it is read directly from the NAND media. Hardware encryption sits between the OS installed on the drive and the system BIOS. When the drive is first encrypted, an encryption key is generated and stored on the NAND flash. When the system is first booted, a custom BIOS is loaded and will ask for a user passphrase. Once the passphrase is entered, the content of the drive is decrypted and access to the OS and user data is granted.
Self-encrypting drives also encrypt/decrypt data on the fly, with the onboard encryption chip responsible for encrypting data before it is committed to the NAND flash and decrypting data before it is read. The host CPU is not involved in the encryption process, reducing the performance penalty associated with software encryption. In most cases, the encryption key is stored in the SSD onboard memory on system boot, which increases the complexity of retrieving it, making it less vulnerable to low-level attacks. This hardware-based encryption method offers a high level of data security as it is invisible to the user. It can’t be turned off and does not impact performance.
AES 256-bit hardware-based encryption
AES (Advanced Encryption Standard) is a symmetric encryption algorithm (meaning the encryption and decryption keys are the same). Since AES is a block cipher, data is divided into 128-bit blocks before encrypting it with the 256-bit key. AES 256-bit encryption is an international standard that ensures superior data security and is recognized by the US government among others. AES-256 encryption is basically undecipherable, making it the strongest encryption standard available.
Why is it undecipherable? AES is comprised of AES-128, AES-192 and AES-256. The numerals represent the number of key bits used to encrypt and decrypt each block. For each bit added, the number of possible keys doubles, meaning 256-bit encryption has two to the 256th power possible keys, a very, very large number of possible key variations. In turn, each key length has a different number of rounds. (A round is the process of turning plain text into cipher text.) For 256 bits, there are fourteen rounds. So, the chance of a hacker coming up with the correct sequence of 2 to the power of 256 (2^256) bits being scrambled fourteen times is staggeringly low, to say the least. Not to mention the time and computing power necessary to do the job.
TCG Opal 2.0 software-based encryption
TCG (Trusted Computing Group) is the international industry standards group that defines hardware-based root of trust for interoperable trusted computing platforms. The TCG Opal 2.0 protocol can initialise, authenticate and manage encrypted SSDs through independent software vendors offering TCG Opal 2.0 security management solutions, such as Symantec™, McAfee™, WinMagic® and others.
In summary, while software-based encryption does have its advantages, it may not match its perception as being comprehensive. Software encryption adds extra steps because the data needs to be encrypted then decrypted when the user needs to access the data, whereas hardware-based encryption offers a more robust solution. A hardware-encrypted SSD is optimised with the rest of the drive without affecting performance. Depending on the application, you may be surprised by what is involved in securing your data. Not all encryption is the same but understanding the differences will play a key part in how effective and efficient your security is.