Enterprise SSD Encryption Shouldn’t Be Spooky!

By Jon Tanguy - 2015-10-28

National Cybersecurity Awareness Month is winding down here in the United States, and we are gearing up for our Halloween celebrations.  As the spooks and specters float about here at the end of October, I am wondering if this is why October was chosen to highlight this important issue.  Data security can be spooky.  It’s a very difficult, scary issue for anyone to deal with, from the CIO, to the IT pro who manages the infrastructure, to the end user who owns the data that could be at risk if the proper measures aren’t taken.  At Micron, though, we think we have the products to take the spooky out of your data storage.

Make no mistake, threats abound.  At Micron we’ve been researching data security threats, particularly potential attacks on stored data and on storage devices.  We have now engineered a range of storage solutions to do our part to protect your valuable data.  In this space, I’ve talked quite a bit about our TCG Opal self-encrypting drives (SEDs), but today I want to focus on our enterprise security offerings – the SED variants of the M500DC and the M510DC.

Gauging the Threat

Our colleagues at Gemalto tell us that in 2014 about 1 billion data records, including sensitive information, were in some way compromised.  As recently as 2012, the number of records lost totaled about 250 million, meaning the number of breached records is essentially doubling each year. So even though we don’t yet have data for 2015, you can imagine what the number is going to be.  That is scary!  And these breaches are occurring across all industries, from healthcare to banking and finance to retail.

Of course, the loss of 1 billion records doesn’t happen one record at a time.  Generally, when an enterprise is attacked, thousands or tens of thousands of records can be lost.  According to the Ponemon Institute, the average breach costs an enterprise upwards of $5.85 million.  Even scarier:  More than half of that is because of lost future business, because current and prospective customers have lost faith in the business.

And of course, these are only the breaches for which public disclosure is required.  It’s more difficult to gauge the amount of proprietary data that is stolen, which may not compromise customer data but can be equally devastating financially or competitively.

It must be said that not all breaches are due to lost or stolen data at rest on data storage devices.  Estimates by security experts tell us that somewhere between 10% and 20% of reported data breaches are because of the physical loss of control of data storage devices; since we’re talking about 10% of a billion, that’s still a huge amount of sensitive data records!  While sensitive data stored on mobile computers is a big risk, enterprise data is at risk, too!  We’ve had reports of drives “walking away” from data centers, or even whole servers going missing.  Another big source of data breaches is when storage devices are retired and the sensitive data on board is not properly sanitized. Spooky!

M500DC and M510DC:  Unique Security Products for Enterprise Storage

The Trusted Computing Group is the industry organization which creates and manages specifications for encrypted data storage.  Micron is a contributing member of the TCG and is an active member of the working groups which develop and manage the specs. The TCG’s major specifications for data storage are the TCG Opal Security Subsystem Class (SSC) and the TCG Enterprise SSC.

As the name implies, the TCG Enterprise spec applies to data storage devices and controllers which operate in enterprise storage, anywhere from server-based storage to NAS and large storage arrays.  Micron’s enterprise SEDs have been extensively tested to work with the Avago/LSI MegaRAID SafeStore software and designed to work on MegaRAID controllers, which also support SATA SEDs.

We discuss the performance characteristics and targeted enterprise applications for these two products elsewhere on our web site, but for now, let’s focus on this simple fact:  The M500DC and the M510DC are the only SATA SSDs on the market which follow the TCG Enterprise protocol. The only ones!

The M500DC and M510DC both provide hardware-based AES-256 encryption engines – 256-bit encryption which is essentially unbreakable.  When mated with Avago/LSI RAID controllers, which provide secure authentication to each drive in a RAID array, the TCG protocol provides conditions under which any removed drive cannot be authenticated and read from a different computer.  The data are completely encrypted and unreadable by any known means.

Finally, these SEDs provide the ability to cryptographically erase the drive.  To completely ensure that the data are truly gone before retiring the drive, a simple authenticated command can be sent to the drive to change the 256-bit encryption key stored on the drive.  At that point, even the original host system can’t read the data, so it certainly will be unreadable by any other system.  It’s really a belt-and-suspenders approach to purging data in an operation that only takes a couple of seconds, as opposed to the many minutes or even hours that it takes to perform an analogous operation on an HDD, while avoiding the cost of expensive HDD degaussing equipment or services.
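A simplified model of the authenticated access and cryptographic erase described above, added here as an illustration; it is not Micron firmware or a TCG interface. The `ToySED` class, its method names and the sample credential are assumptions, and a SHA-256 counter-mode keystream stands in for the drive's hardware AES-256 engine.

```python
import hashlib, hmac, secrets

def keystream_xor(key: bytes, lba: int, data: bytes) -> bytes:
    """Stand-in for the hardware AES-256 engine: SHA-256 counter-mode keystream per LBA."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + lba.to_bytes(8, "big") + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)

class ToySED:  # hypothetical model: the media key exists only inside the drive
    def __init__(self, credential: bytes):
        self._salt = secrets.token_bytes(16)
        self._verifier = self._derive(credential)
        self._mek = secrets.token_bytes(32)   # 256-bit media encryption key
        self.nand = {}                        # LBA -> ciphertext as stored on flash
        self._unlocked = False

    def _derive(self, credential: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", credential, self._salt, 50_000)

    def authenticate(self, credential: bytes) -> bool:
        # A wrong credential leaves the drive locked, as on a foreign host.
        self._unlocked = hmac.compare_digest(self._derive(credential), self._verifier)
        return self._unlocked

    def _require_unlocked(self) -> None:
        if not self._unlocked:
            raise PermissionError("drive is locked")

    def write(self, lba: int, data: bytes) -> None:
        self._require_unlocked()
        self.nand[lba] = keystream_xor(self._mek, lba, data)

    def read(self, lba: int) -> bytes:
        self._require_unlocked()
        return keystream_xor(self._mek, lba, self.nand[lba])

    def crypto_erase(self) -> None:
        self._require_unlocked()              # erase is an authenticated command
        self._mek = secrets.token_bytes(32)   # old key is gone; flash is untouched

def demo():
    drive = ToySED(b"constructed-credential")
    drive.authenticate(b"constructed-credential")
    drive.write(0, b"constructed customer record")
    stored = drive.nand[0]
    drive.crypto_erase()
    # Same bytes on flash, but they no longer decrypt to the record.
    return drive.nand[0] == stored, drive.read(0) == b"constructed customer record"
```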

Keeping Invaders at Bay

Threats to your data security are possibly more prevalent and, frankly, scarier than ever before.  But when Micron’s SEDs are part of your overall data security plan, you can start to put a lot of these fears to rest.  At the very least, when your data at rest is secure on a Micron SED, it will free you up to work on security for the rest of your data storage and compute infrastructure.


Jon Tanguy

Jon is a Senior Technical Marketing Engineer for Micron's Storage Business Unit, with a focus on client solid state drives.