Return of the Guru

Self-encrypting Drives Will Bolster Security, Compliance, but Questions Remain

Ara Trembly
Insurance Experts' Forum, August 12, 2010

To most of us who live in the world of technology, it is a widely known—if little discussed—fact that data, once written to a drive, continues to live there as long as we allow it to. That’s fine, until you need to make a change—say, switching out a defective drive for a new one or junking an older computer to make room for a new machine.

One of the consequences of such changes is that data existing on those old or defective drives is forgotten. Perhaps we foolishly assume that chucking an old hard drive into the garbage forever destroys the data that it holds. Maybe we just forget about that data in the excitement and busyness of setting up a new system. Our little oversight could turn out to be a doozy, however, if those unwanted disks contain information that someone else—such as a criminal or industrial spy—may find valuable. Such data, which could include passwords, bank account numbers, company secrets or personal information, may also become fodder for criminal websites that offer illegally procured material for sale. 

It seems unlikely, however, that we will ever persuade everyone to remember to permanently wipe data off discarded drives. There is a proposed solution, however. Toshiba Corp. has announced Wipe for Toshiba Self-Encrypting Drive (SED) models, a technology that allows special security capabilities, such as “the world's first ability for sensitive user data to be securely erased when a system is powered-down or when [the drive] is removed from the system.”

The feature also can be used to securely erase user data prior to returning a leased system, system disposal or repurposing, Toshiba says. The company adds that this feature will help address the increasing need for IT departments to comply with privacy laws and regulations governing data security. That’s good news for insurers, who handle volumes of sensitive data on a daily basis, and are thus ultra-sensitive to the need to comply with data security measures.

Designed to the Trusted Computing Group "Opal" Specification, Toshiba says its SED models provide advanced access security and on-board encryption for client systems such as notebook computers. “But lost or stolen notebooks are not the only security risk that IT departments must address,” the company says. “Today, most office copier and printing systems utilize HDD capacity and performance to deliver a highly productive document imaging environment. Many organizations are now realizing the critical importance of maintaining the security of document image data stored within copier and printer systems. Wipe is a technology that can automatically invalidate an HDD security key when its power supply is turned off, instantly making all data in the drive indecipherable.”

This sounds great, and while Toshiba did not indicate how this new feature affects pricing, it would seem to pay for itself in terms of peace of mind. But not so fast. What, exactly, do they mean when they say that data are “securely erased?” The answer may depend on how determined crooks are to get at information that is, or was, on a particular drive. Even if data have been deleted from a drive, federal agencies (and probably crooks, as well) are capable of recovering data from media that have been wiped as many as seven times. One has to wonder how well the Toshiba defenses will hold up against a determined effort by an expert hacker. We really don’t know until the technology is used in the real world.

This is not to say that we should avoid purchasing and using drives with Wipe technology. On the contrary, the technology should help avert information thefts by amateurs and perhaps lazy experts. I liken it to anti-theft devices available for cars, many of which exist on my current vehicle. To my inexperienced eye, my car appears to be difficult to steal, but as my expert mechanic son assures me, given enough time and skill, all protections can eventually be defeated.

If we can prevent data thefts by, say, 90%, wouldn’t that be worth the cash outlay? Do we not lock our doors at home because we know that someone could pick the lock or break in the door? Common sense dictates that those to whom valuable information is entrusted do all that they can to protect that information. So there is really no excuse for failing to put every available and affordable safeguard in place.

Ara C. Trembly ( is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Wearables Poised to Reshape Insurer-Insured Relationship

Boosted by the impending release of the Apple Watch, wearable devices have received a fair amount of attention recently – and with good reason. This emergent technology has the potential to alter the way the health insurance industry operates on a fundamental level.

Core Transformation – The Ultimate Balancing Act

The core transformation journey requires companies to shift from reactive to proactive business models, incorporating maturing and emerging technologies, customizing and personalizing products, and accelerating speed to market while providing improved customer service.

Despite Valiant Efforts, Insurers' Consumer Ratings Drop

Insurers also are confronting waves of disruptive changes, including big data analytics, an aging population, ongoing economic uncertainty and the growing frequency and severity of natural disasters, which threaten to challenge and undermine businesses.

Why You Can't Take a Wrecking Ball to Your Legacy System

If you think of enterprises like collections of neighborhoods that need to be nurtured, you quickly see that architecture, not obliteration, is the key.

The Apple Bounce: Are Wearables Truly this Big?

I just don’t believe it; only 720,000 Androidwear watches were sold in 2014. Apple has been amazingly successful in so many markets. Were they always first? No, a lot of products before. Were they always best? Again, no, superior devices have fallen.

Ten Stats About Social, Mobile, Analytics, Big Data, Cloud and Digital

Deployment rates have grown in the year since Novarica’s last study on these topics.