RealTime IT News

Seagate Security Looks to Lock Up Laptops

The paucity of security technology on current computers has frightened people in the wake of highly publicized thefts, such as the VA laptop pilfering earlier this year.

Seagate  is hoping to change that at Storage Networking World in Orlando, Fla., this week.

The hard disk drive (HDD) maker today unveiled DriveTrust, a new package of security software that includes such safeguards as file and full disk encryption to render data unreadable by users who boot up a machine and don't have a password, as well as multi-factor user authentication.

Security experts often say that the best kind of security is a multi-layered approach that includes several safety features to lock down data.

The logic behind this is that if a hacker or perpetrator get past one line of defense, a second steps up to protect the assets on a computer.

With DriveTrust, Seagate is applying that multi-layer approach, said Scott Shimomura, senior product manager at Seagate.

DriveTrust blends hardware-based security with a programming platform that lets computer makers add security applications to shield all drive data at all times.

"This is a new concept to think of... hard drives as a development platform, where ISVs [independent software vendors] have the ability to write applications that speak to the security functionality within the drive," Shimomura said.

The security tools run transparently within the drive with no need for additional configuration, patches, updates or upgrades, freeing companies' IT staffs to conduct other tasks.

The security functions also operate on the hard drive without impinging a machine's full performance.

DriveTrust has its own dedicated storage, consisting of hidden partitions that aren't accessible to the operating system and other applications that traditionally access disk drives.

"When you have an environment like that, you can create new software that essentially runs as firmware on the drive and provide a very secure environment to protect the data that's being stored on your drives," Shimomura said.

Moreover, information stored on machines with DriveTrust can be instantly erased, making it a snap for IT admins who feel they need to erase the drives.

Seagate currently offers DriveTrust on the DB35 series, which are 3.5-inch HDDs for digital video recorders (DVRs) and other digital entertainment devices.

DriveTrust on the DB35 series lets service providers deploy DVRs that protect recorded content from illicit copying and distribution if the drive is removed.

Next, Seagate plans in the first quarter next year to release the Momentus 5400 FDE.2, a 2.5-inch HDD that will provide full disk encryption for laptops. FDE.2 will include the yet-to-be-broken AES 128-bit encryption algorithm, pre-boot authentication, hashed passwords, password emergency recovery and authentication management.

Users need only a password to authenticate themselves for full drive access, while other enhancements allow thumbprint and smartcard options for multi-factoral self-authentication.

With products on the market and in the oven, Seagate isn't keeping the technology breakthrough to itself, either.

Shimomura said the company has submitted a specification to the Trusted Computing Group (TCG) as a formal storage spec that is scheduled for public release in early 2007.

The TCG specification will allow Seagate rivals, such as Toshiba, Western Digital and Hitachi, to make their own drives based on DriveTrust.

DriveTrust could play huge in a market fraught with fear over lost machines that house sensitive information, such as names, addresses, Social Security numbers or even bank-account information.

DriveTrust is an example of how incidents, such as the VA laptop affair has galvanized the computing industry.

Stolen data can cost organizations, because the trade secrets and intellectual property on some machines can cost businesses millions of dollars.

Moreover, enterprises need to meet data security and privacy legislation, such as the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act.

One of the ways to do this is through creating airtight security technologies for the machines that corporations let their employees use.