Toshiba announced this week a new line of self-encrypting hard disk drives that are capable of instantly erasing their contents when used on an unauthorized machine, Computerworld reports. The Self-Encrypting Drives (SED) are intended to make it more difficult for thieves to steal data.
The 2.5-inch HDDs are intended for use in PCs, printers, copiers and point-of-sale systems (i.e. cash registers or other checkouts) that are used by organizations that deal with sensitive data, like governments, medical or financial institutions.
The SED work by performing an authentication process while the computer is booting up. If the machine on which the drive is being used has not been properly validated, and the authentication fails, the drive can be set up to either deny access or, if necessary, perform what’s known as a cryptographic erase on specific data blocks. Unlike a standard drive erase, which overwrites data multiple times to delete the data, a cryptographic erase obliterates the crypto keys, which are needed to decrypt the data. This means the encrypted information is now unreadable and inaccessible.
“Digital systems vendors recognize the need to help their customers protect sensitive data from leakage or theft. Toshiba’s security technologies provide designers of copiers, printers, PCs, and other systems with new capabilities to help address these important security concerns,” said Scott Wright, a Toshiba storage division product manager.
The SED have a variety of configurations for users with different needs. In addition to the setting which erases the drive when installed on an unauthorized machine, users can also choose to have the SED wiped every time the computer is rebooted, or if a person tries to unlock the drive multiple times with the incorrect validation login.
While this may sound far too risky for the average users, Toshiba says all is not automatically lost forever. If a drive is inadvertently locked, “the drive could be recovered with the use of administrator credentials,” Wright tells Computerworld.
Since such a drive could also be used by cyber-criminals to protect their own sensitive data, Toshiba has built in a fail-safe, so that law enforcement agencies could subpoena an SED’s contents, “which would require that administrator certificates be provided that would allow the contents of the drive to be produced,” Wright said. Sorry, Anonymous — we didn’t mean to get your hopes up.