New Disk Encryption Standards May Complicate Data Recovery
When the world's largest disk makers joined last week to announce a single standard for encrypting disk drives, the move raised questions among users about how to deal with full-disk encryption once it's native on all laptop or desktop computers.
For example, what happens if a user loses a password -- essentially leaving the drive filled with data that can no longer be unencrypted? Or what if a drive becomes corrupted or damaged, the data has to be recovered by a third party -- and your password is on the drive?
"Then you have just killed yourself," said Dave Hill, an analyst with the research firm the Mesabi Group.
The Trusted Computing Group (TCG), made up of disk hardware and software vendors, last week published three encryption specifications to cover storage devices in consumer laptops and desktop computers as well as enterprise-class drives used in servers and disk storage arrays.
Some industry observers believe that within five years, all disk drive manufacturers will be offering drives, both hard disk and solid-state disk, that use the specifications for firmware-based encryption.
While enterprises using drives with full-disk encryption, such as the Seagate Momentus 5400.2, would monitor them through a central access administrator with a master password to unencrypt, consumers purchasing laptops or desktops with such drives would face a more daunting scenario. They would need to either back up their data and their password, or lose the drive and data.
Robert Thibadeau, chief technologist at Seagate Technology and chairman of the TCG, said the current disk-encryption specifications allow users to create more than one password to access data, so that if a user were to lose one, he or she could still access their hard drive with a backup password.
"Furthermore, with some password settings you can provide a password that allows erasure so you can put the drive back into use, but the data will be gone," Thibadeau said.
If a drive were to become corrupted or the hardware damaged and a data recovery firm were needed to retrieve a user's disk, Thibadeau said the recovery firm could use the password to recover data from the damaged hardware. The TCG is also working with data recovery firms to create a technique that would allow them to recover encrypted data on drives using the standards without needing a user password.
Currently, however, if a user loses their password and a drive becomes damaged or corrupted, the data is not recoverable, Thibadeau admitted.
David Virkler, CIO of AdaptaSoft Inc., a payroll systems software and services company, said administration of drives with hardware-based encryption is easy and he's seen no I/O slowdown. Virkler installed Seagate's self-encrypting, 2.5-in. Momentus 5400.2 drives in October 2007 on his company's Dell laptops in order to protect customers' financial data that his company often deals with in its service capacity. He paid a US$40 premium for each self-encrypting drive, spending about $120 total for each 80GB drive.
While the rollout was easy, he admits that if a company doesn't already have a group policy in place -- a domain name server and an active directory -- then it would be "painful" to roll out. "You'd have to manage each laptop individually," he said.
At AdaptaSoft, Virkler instituted a policy at the time of the rollout that warned workers not to keep critical data on their laptops; instead they were told to always use the company's network drive for the highest priority information in case of a drive failure. "If a laptop crashes, I'm not going to expend a lot of energy to get it back. I'd also imagine any data recovery options would be nearly impossible," he said.
Virkler said he's now interested in using self-encrypting drives in his data center, but he's not sure how they would work, as he also runs Citrix and virtualization software.
Ken Waring, IT director at CBI Health in Toronto, said his organization needs encryption on its drives to protect sensitive patient information, but he's also concerned about emerging technologies, including the standardization of full-disk encryption and the problems that it might create.
But, as Waring put it: "It's still a million times better than having nothing. And, as a business, you can only take what's available to you."
Dave Hill, an analyst with Mesabi Group, agreed, saying that not only is data with full-disk encryption safe if a computer is stolen or lost, the technology also automatically places a company using the drives in compliance with state laws such as California's data-breach notification mandate. That law requires companies to notify the public when unencrypted drives are lost or stolen.
CBI Health is a national network of more than 135 community and hospital-based rehabilitation, medical and health care facilities. Three years ago, Waring switched from Lenovo to Dell laptops in order to get hardware-based encryption, replacing a software-based encryption product that he found arduous to manage and unreliable. Waring found that drives encrypted with software would sometimes unencrypt themselves -- leaving the data open to theft. And "we've experienced five drive failures due to the encryption software, but none from hardware," he said.
Today, 90 of CBI Health's 200 laptops use Seagate's Momentus drives with native full-disk encryption. The other users will move to Seagate drives as they are replaced at end of life, Waring said.
CBI Health uses Wave Systems' Embassy Suite encryption management software to monitor its encrypted drives, including storing passwords.
Waring understands the concerns about lost passwords and damaged drives, but said Wave's software allows CBI Health to keep a single administrative password to access encrypted drives in case a user loses their password. In addition, Waring backs up all drives, so if one is damaged, the data is not lost.
"Our company as a whole is trying to harden every element of its architecture. We felt it was prudent to start where we are most vulnerable -- mobile devices that people leave in their cars or have in their homes," he said.