Security and Encryption

Users are often concerned about having their data stolen or compromised. This is especially true in a work environment, and many enterprises do engage in strict measures to ensure security. Consumers can often rely on simpler solutions, like a simple storage password in their BIOS or UEFI. An additional password may be required to access the operating system. These solutions will not survive a thief who has physical access, and there are rootkit viruses that can persist on a system.

One way to secure your storage is to rely on software encryption, for example via Microsoft’s BitLocker in Windows, which has overhead but is fairly reliable. Other systems can also be used. Many SSDs also have hardware encryption under the TCG OPAL specification, which utilizes 256-bit AES encryption to protect the drive using computation through the controller. Concerns about whether manufacturers reliably follow the specification had Microsoft disable this option in BitLocker. Modern systems also have support for Secure Boot which can be useful in the proper setting.

SSDs natively employ a form of encryption on the flash itself so that dies or packages cannot be removed and forensically recovered. However, this is obviously an extreme case, although it can make genuine data recovery - as in the case of controller failure - quite difficult. In most cases, users should make sure would-be thieves can have no physical access. Important information should be backed up and encrypted, and extra care should be taken when connected online.

Our consumer SSDs work best with software encryption but are otherwise not designed for enterprise use. Proper usage of the host system, including security functions for the UEFI, OS, and relevant applications, should ensure the data on the drives will be safe. If data needs to be erased, please check our blog on Secure Erase and Sanitize for more information. Also remember to always safely back up your data, use strong passwords, and practice good data habits.

For more on the Self-Encrypting Drives (SED) with TCG, read here.

See our storage products here.