By Scott Stephen
January 02, 2007

To address the issue of data leaks from stolen or missing laptops, Seagate is working to create the first hard drive with built-in Full Disk Encryption (FDE). The encryption will be performed at the hardware level by an ASIC chip on the drive. Every bit of data will be encrypted before being written to the HDD platter. We interviewed Mr. Dan Good, Senior VP at Seagate Technology, to find out more about this HDD.

What led Seagate to develop the FDE technology on hard drives?

The idea first came up from a forum that we had with our research division. Knowing that we had a unique environment with our hard drives and in our hard drive technology, we could do things differently than what has been done before. After consultation with industry experts we came up with the Trusted Drive architecture five years ago without knowing what the market potential was going to be for data protection at the hard drive level. At the time the Trusted Drive group (at Seagate) was working with the emerging industry standard for enhanced security, the Trusted Platform Module (TPM). Under the original TPM guidance, however, the hard drive was outside the circle of trusted devices. This meant that our drives were not a trusted device, whereas things like keyboards and mouse devices were. We thought this was not right. So we thought there was an added value in building a security solution in the hard drive and taking advantage of the position that we had as a hard drive manufacturer. You know, ultimately the data is coming from the hard drive.

One of the big challenges that we had in making the investment in FDE was not having an understanding of the market opportunity. This was something that Seagate was not accustomed to doing. So to validate and understand the requirements, we started to do some market research and gather voice-of-customer input. Our voice-of-customer process is a very formal and rigid process that enables us to integrate the requirements of the customers into our product. We found out that the requirements that matter to our customers were things like ease of installation, maintenance, TCO, etc.; not classical hard drive metrics, not classical hard drive requirements. We are more akin to things like capacity, data transfer rate, rpm, and reliability. So, through our voice-of-customer process we learned what some of the opportunities would be. There were two or three, but the one that was most prominent was encryption, providing encryption on the drive itself and having the locking mechanism as close to the data as possible.

So this is pretty much how it all came about.

Do you see further developments in the FDE technology?

Oh yes. One of the things that we are doing in the next 6 months is to identify the paths we want to pursue in taking this technology to the next level and bringing it to the mainstream. With our Trusted Drive technology we got a whole host of application developers eager to engage with us in this technology model. And the reason is that software vendors, particularly software vendors in the security world, need to have some place to hide their secrets. And we provide the perfect place to hide secrets, because we can cryptographically handle things in a way that makes it very difficult to snoop or sniff the secrets. We have hidden operations in the drive as well as a hidden storage place that normally can’t be accessed via ATA commands. So in a way we have a bit of a black box, in terms of a security device, that no one knows what is going on in there, and it is a perfect place to hide stuff.

Has Seagate engaged with Microsoft for its support of the FDE drive?

Definitely. Like with other software partners we have engaged Microsoft to take advantage of what Seagate’s FDE drive has to offer in enhancing security.

Has Microsoft been receptive to Seagate’s FDE drive?

I believe so. I’m hopeful that Microsoft will be natively supporting the FDE drive in a future enhancement of Vista, perhaps by SP2. When this happens its solution will have a broad appeal. But at the same time, it will have a different value proposition than that of other solutions. We feel that the FDE drive is a technology enabler, enhancing and complementing the solutions that are already out there.

Wouldn’t Seagate’s FDE drive be competing with Microsoft’s BitLocker?

It really isn’t. For your standard-fare kind of applications that don’t require a lot of security, they aren’t really performance sensitive, and the user is very cost sensitive, software-based solutions like BitLocker would make much sense. However, for those applications that require the highest and best security, they cannot afford a performance impact, and users can afford to pay a little bit extra for an FDE implementation, Seagate’s FDE drive would be ideal. Security has always been good, better, best. Or maybe starting with bad, then good, better, and best. I think Microsoft sees BitLocker as good, but I think it can see the FDE drive as best.

Performance-wise, Seagate’s FDE drive is the clear winner compared to a pure software-based FDE implementation. What other areas does the FDE drive excel at?

Ease of use and implementation is another area that the FDE drive excels at. There was a survey done in identifying the challenges of implementing encryption. One of the biggest challenges is managing the encryption. It is a real pain to manage passwords and keys. By partnering with the application developers we are bridging this gap. One key factor on ease of implementation is that on the FDE drive the encryption is always on, so data is always encrypted. Cost is another area of advantage. A software-based FDE solution would end up costing upwards of $115 per user. The FDE drive cost delta is only $90. So performance, simplicity, and cost are the areas where Seagate’s FDE drive stands out.

If you would like to discuss more about Seagate FDE HDD and FDE solutions in general, please join the FDE Mailing List.