
What is SSD Encryption and How Does It Work?


From businesses and governments to individuals, there is one thing today that everyone around the world shares: the need and desire to secure important personal and private information. Whether it is stored or being transported, data protection is absolutely essential. The financial and reputational cost of data breaches, hacking, and lost or stolen laptops/PCs can be astronomical.

To protect against malicious hackers and organizational data breaches, it is necessary to encrypt in-flight data as well as data at rest. Encryption provides a fortified layer of protection in case unauthorized access to a computer's network or storage device is somehow obtained: even then, the hacker cannot read the data. Throughout this article, we focus on software-based encryption, Self-Encrypting Drives (SEDs for short) and a basic explanation of how SSD encryption works.

What Is Encryption?

In layman's terms, encryption converts information entered into a digital device into blocks of meaningless-looking data. The more sophisticated the encryption process, the more illegible and undecipherable the encrypted data. Conversely, decryption changes the encrypted data back to its original form, rendering it readable again. Encrypted information is often referred to as ciphertext, while non-encrypted information is referred to as plaintext.


Software vs. Hardware Encryption

Software encryption uses a variety of software programs to encrypt data on a logical volume. When a drive is first encrypted, a unique key is generated and stored in computer memory. The key is itself encrypted with a user passphrase. When a user enters the passphrase, it unlocks the key and gives access to the unencrypted data on the drive. A copy of the (encrypted) key is also written to the drive. Software encryption operates as the middleman between the application reading or writing data and the device: when data is written to the drive, it is encrypted using the key before it is physically committed to the disk, and when data is read from the drive, it is decrypted using the same key before being presented to the program.

While software encryption is cost effective, it is only as secure as the device it is used on. If a hacker cracks the code or password, your encrypted data is exposed. Also, since encryption and decryption are done by the processor, the entire system slows down. Another vulnerability of software encryption is that, after system boot, the encryption key is held in computer memory, making it a target for low-level attacks.

Self-encrypting drives (SEDs) use hardware-based encryption, which takes a more holistic approach to encrypting user data. SEDs have an onboard AES encryption chip that encrypts data before it is written to the NAND media and decrypts it as it is read back. Hardware encryption sits between the OS installed on the drive and the system BIOS. When the drive is first encrypted, an encryption key is generated and stored on the NAND flash. When the system is first booted, a custom BIOS is loaded and asks for a user passphrase. Once the passphrase is entered, the content of the drive is decrypted and access to the OS and user data is granted.

Self-encrypting drives also encrypt/decrypt data on the fly, with the onboard encryption chip responsible for encrypting data before it is committed to the NAND flash and decrypting data before it is read. The host CPU is not involved in the encryption process, reducing the performance penalty associated with software encryption. In most cases, on system boot the encryption key is stored in the SSD's onboard memory, which increases the difficulty of retrieving it and makes it less vulnerable to low-level attacks. This hardware-based encryption method offers a high level of data security and is invisible to the user. It can't be turned off and does not impact performance.

AES 256-Bit Hardware-Based Encryption

AES (Advanced Encryption Standard) is a symmetric encryption algorithm (meaning the encryption and decryption keys are the same). Because AES is a block cipher, data is divided into 128-bit blocks before being encrypted with the 256-bit key. AES 256-bit encryption is an international standard that ensures superior data security and is recognized by the U.S. government among others. AES-256 encryption is basically undecipherable, making it the strongest encryption standard available.

Why is it undecipherable? AES comes in three variants: AES-128, AES-192 and AES-256. The numeral is the length in bits of the key used for encryption and decryption. Each added bit doubles the number of possible keys, so a 256-bit key has two to the 256th power (2^256) possible values, a very, very large number. Each key length also uses a different number of rounds (a round is one pass of the process that turns plaintext into ciphertext); for 256-bit keys there are fourteen rounds. So the chance of a hacker guessing the correct key out of 2^256 possibilities, with the data scrambled through fourteen rounds, is staggeringly low, to say the least, not to mention the time and computing power such an attempt would require.

TCG Opal 2.0

TCG (the Trusted Computing Group) is the international industry standards group that defines hardware-based roots of trust for interoperable trusted computing platforms. Its Opal 2.0 specification lets encrypted SSDs be initialized, authenticated, and managed through software from independent software vendors that offer TCG Opal 2.0 security management solutions, such as Symantec™, McAfee™, WinMagic® and others.

In summary, while software-based encryption does have its advantages, it may not be as comprehensive as it is often perceived to be. Software encryption adds extra steps, because the data must be encrypted and then decrypted by the host whenever the user needs to access it, whereas hardware-based encryption offers a more robust solution. The encryption engine in a hardware-encrypted SSD is integrated with the rest of the drive, so it does not affect performance. Depending on the application, you may be surprised by what is involved in securing your data. Not all encryption is the same, and understanding the differences will play a key part in how effective and efficient your security is.

#KingstonIsWithYou
