A company's data may be its most valuable asset, and if misplaced or stolen, organizations run the risk of lost revenue, legal and compliance implications, and a tarnished reputation. And since data spends most of its life at rest on drives within the data center, as these drives leave for repair, retirement, relocation or maintenance, data is vulnerable to being lost or stolen.
The emergence of self-encrypting drives (SEDs) mitigates the security vulnerabilities of data-at-rest. Intel Drive Encryption Management, an Intel Premium feature, when paired up with SEDs, provides you with the data encryption and services you need for hard disk drives. Self encrypting drives help protect your data, reduce your costs, and minimize the impact and liability of theft. And this is all done behind the scenes with transparency to your end users.
Simple, secure and cost-effective self-encrypting drive management
While the encryption capabilities of the drives are the primary level of security, management of the self-encrypting drives is critical to its execution. In fact, the security capabilities offered with drive-level encryption are only as good as the management tool used to implement and manage them. Intel Drive Encryption Management, offered with select models of Intel's SAS 2.0 family of RAID products, maintains, and controls the key linkage and communications with the self-encrypting drives, secures user-selected volume groups, and authorizes the drives to encrypt and decrypt data with pass phrase and security key management.
Auto lock with Local Key Management locks the SED using an authentication key. When secured in this manner, the drive's data encryption key is locked whenever the drive is powered down. In other words, the moment the SED is switched off or unplugged, it automatically locks down the drive's data. When the drive is powered back on, it requires authentication before being able to unlock its encryption key and read any data on the drive. This protects against any type of insider or external theft of drives or systems.
Instant secure erase
Instant secure erase provides instant data protection via cryptographic erase. This feature will delete the existing data encryption key and regenerate a new data encryption key in seconds, enabling drives to be returned, retired, sold or reused securely. If you decide to use instant secure erase only, you will not be required to maintain authentication keys or passwords in order to access the drive's data. The SED will automatically encrypt the data being written to the drive and decrypt data being read from it. When it is time to repurpose or retire the drive, the owner simply sends a command to the drive to perform the cryptographic erase. This command replaces the encryption key inside the encrypted drive, making it impossible to ever decrypt the data. Using Instant Secure Erase, businesses can save time and money by simplifying decommissioning of drives and preserving hardware value for returns and repurposing.