Seagate’s self-encrypting drives protect systems from “smash and grab” thefts

Some thieves have figured out that stealing laptops is small beans compared to stealing storage racks or servers. These so-called “smash and grab” crimes threaten are taking their toll on companies that store customer records on site in servers and mass storage systems.
That’s why Seagate is rolling out its self-encrypting technology across a wider number of products and a broader distribution network today. This technology, dubbed the Seagate Secure Self-Encrypting Drive, can protect data at rest, meaning data stored on devices that are not in use in a corporate network.
The Scotts Valley, Calif.-based hard disk drive maker is rolling out the technology across its portfolio of enterprise-class drives, including the Savvio, Constellation and Cheetah product families. Previously, Seagate used the technology on its secure storage systems for defense or security-related customers only.
But with identity theft on the rise, it makes sense to add protection that will protect drives even if they are physically stolen from a small business or corporate data center. It also protects drives that come from older, decommissioned machines that are repurposed for a new user. Seagate notes that 90 percent of disk drives that are returned under warranty — presumably because they don’t work — still have readable data on them.
The new drives have custom chips that encrypt data as it is put on the disk drives. The user doesn’t have to do anything to start the encryption or decryption process. Any data that is stored on the drive is in gobbledygook, not readable text or code. The technology adds about $10 to $20 per drive, so Seagate hasn’t made this decision lightly.
The encryption chips come from Intel and LSI, who have built the encryption technology into their storage controller and server solutions. The technology can automatically lock a drive from being used if it is pulled out of a system, said Teresa Worth, senior product manager at Seagate, in an interview. That means that smash and grab thefts will yield little for thieves, who won’t be able to use the drives they steal.
Seagate is aiming the technology at corporate enterprise information technology departments, government agencies, and small businesses that have sensitive data. The average cost to a company per data breach in 2008 was $6.6 million, Worth said. On average, each compromised personal record costs $202.