For protecting data at rest on hard drives, hardware encryption has long been forecast to surpass software-based encryption. At first the problem was enterprise manageability and single sign-on with a Windows account. There are now several different management platforms for self-encrypting drives (SED). Then the issue was compatibility. The Opal standard should rectify that. A self-encrypting SSD in a Dell laptop was recently priced at $30 more than the equivalent regular drive. Perhaps costs are now low enough to begin looking at SED in earnest.
Not so fast.
A quick review of the compatibility list for Symantec Endpoint Encryption finds a dearth of drives supported.
Dell doesn’t tell me which SED they would send. And there is no guarantee that they would continue to send that drive. Their just-in-time, cheapest-part approach could change the drive on me. Even if I got Symantec to add support for today’s drive, what about tomorrow’s?
Is it so naïve to think that the Opal standard should allow drive management companies to support any drive that implements Opal?
McAfee is only slightly better than Symantec in terms of number of drives supported.
Questions about supportability and cost remain. No one wants to go backwards to using a separate BIOS password to unlock the hard drive before logging into the operating system.
Software-based Full Disk Encryption (FDE) with support for AES-NI is reportedly speeding things up. Why hassle with hardware encryption if what you’re already doing can be fast enough? Good luck if your FDE vendor doesn’t support AES-NI. Symantec has this for PGP (now Symantec Drive Encryption) but not for GuardianEdge (now Symantec Endpoint Encryption).
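Before betting on software FDE performance, it is worth confirming that the fleet's CPUs actually expose AES-NI, since the vendor's support for the instruction set is only half the story. The following script is an added example, not code from the original post or from any vendor mentioned in it: it parses the Linux /proc/cpuinfo format and reports, per logical processor, whether the `aes` flag (the kernel's name for AES-NI) is advertised. The sample text it falls back to is constructed for illustration, with one processor that has the flag and one that does not, so both outcomes are exercised.

```python
"""Check /proc/cpuinfo for the AES-NI ("aes") CPU flag, per logical processor."""
from typing import Dict, List

# Constructed sample in /proc/cpuinfo layout (not captured from a real machine).
# Processor 0 advertises "aes"; processor 1 deliberately does not.
SAMPLE_CPUINFO = """\
processor\t: 0
model name\t: Example CPU with AES-NI
flags\t\t: fpu vme de pse sse sse2 ssse3 aes pclmulqdq avx

processor\t: 1
model name\t: Example CPU without AES-NI
flags\t\t: fpu vme de pse sse sse2 ssse3 avx
"""


def parse_cpuinfo(text: str) -> List[Dict[str, str]]:
    """Split cpuinfo text into one key/value dict per processor stanza.

    Stanzas are separated by blank lines; each line is "key : value".
    """
    entries: List[Dict[str, str]] = []
    current: Dict[str, str] = {}
    for line in text.splitlines():
        if not line.strip():
            # Blank line closes the current stanza.
            if current:
                entries.append(current)
                current = {}
            continue
        key, sep, value = line.partition(":")
        if sep:
            current[key.strip()] = value.strip()
    if current:
        entries.append(current)
    return entries


def aes_ni_by_processor(text: str) -> Dict[int, bool]:
    """Map each logical processor number to whether its flags include 'aes'."""
    result: Dict[int, bool] = {}
    for entry in parse_cpuinfo(text):
        flags = set(entry.get("flags", "").split())
        cpu = int(entry.get("processor", len(result)))
        result[cpu] = "aes" in flags
    return result


def all_cores_have_aes_ni(text: str) -> bool:
    """True only if every processor stanza advertises AES-NI (and there is at least one)."""
    per_cpu = aes_ni_by_processor(text)
    return bool(per_cpu) and all(per_cpu.values())


def load_cpuinfo() -> str:
    """Read the live /proc/cpuinfo; fall back to the constructed sample elsewhere."""
    try:
        with open("/proc/cpuinfo", encoding="utf-8") as handle:
            return handle.read()
    except OSError:
        return SAMPLE_CPUINFO


if __name__ == "__main__":
    cpuinfo = load_cpuinfo()
    for cpu, supported in sorted(aes_ni_by_processor(cpuinfo).items()):
        print(f"processor {cpu}: AES-NI {'present' if supported else 'absent'}")
    print("all cores have AES-NI:", all_cores_have_aes_ni(cpuinfo))
```

Run it on a Linux host to see the live result; on systems without /proc/cpuinfo it prints the constructed sample so the two cases are still visible. A mixed result across cores would itself be a finding worth chasing before rolling out software FDE.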
Another concern is the security of the self-encrypting drive itself. How do you validate the security of the SED? If you’re a government agency or a contractor, you may have to buy FIPS 140-2 validated hard drives. These may be scarce and expensive, and they may not be available through your normal computer leasing channels.
For now, self-encrypting drives remain bleeding edge. It is time to question whether they will ever become mainstream.