Return of the Guru

Self-encrypting Drives Will Bolster Security, Compliance, but Questions Remain

Ara Trembly
Insurance Experts' Forum, August 12, 2010

To most of us who live in the world of technology, it is a widely known—if little discussed—fact that data, once written to a drive, continues to live there as long as we allow it to. That’s fine, until you need to make a change—say, switching out a defective drive for a new one or junking an older computer to make room for a new machine.

One of the consequences of such changes is that data existing on those old or defective drives is forgotten. Perhaps we foolishly assume that chucking an old hard drive into the garbage forever destroys the data that it holds. Maybe we just forget about that data in the excitement and busyness of setting up a new system. Our little oversight could turn out to be a doozy, however, if those unwanted disks contain information that someone else—such as a criminal or industrial spy—may find valuable. Such data, which could include passwords, bank account numbers, company secrets or personal information, may also become fodder for criminal websites that offer illegally procured material for sale. 

It seems unlikely, however, that we will ever persuade everyone to remember to permanently wipe data off discarded drives. There is a proposed solution, however. Toshiba Corp. has announced Wipe for Toshiba Self-Encrypting Drive (SED) models, a technology that allows special security capabilities, such as “the world's first ability for sensitive user data to be securely erased when a system is powered-down or when [the drive] is removed from the system.”

The feature also can be used to securely erase user data prior to returning a leased system, system disposal or repurposing, Toshiba says. The company adds that this feature will help address the increasing need for IT departments to comply with privacy laws and regulations governing data security. That’s good news for insurers, who handle volumes of sensitive data on a daily basis, and are thus ultra-sensitive to the need to comply with data security measures.

Designed to the Trusted Computing Group "Opal" Specification, Toshiba says its SED models provide advanced access security and on-board encryption for client systems such as notebook computers. “But lost or stolen notebooks are not the only security risk that IT departments must address,” the company says. “Today, most office copier and printing systems utilize HDD capacity and performance to deliver a highly productive document imaging environment. Many organizations are now realizing the critical importance of maintaining the security of document image data stored within copier and printer systems. Wipe is a technology that can automatically invalidate an HDD security key when its power supply is turned off, instantly making all data in the drive indecipherable.”

This sounds great, and while Toshiba did not indicate how this new feature affects pricing, it would seem to pay for itself in terms of peace of mind. But not so fast. What, exactly, do they mean when they say that data are “securely erased?” The answer may depend on how determined crooks are to get at information that is, or was, on a particular drive. Even if data have been deleted from a drive, federal agencies (and probably crooks, as well) are capable of recovering data from media that have been wiped as many as seven times. One has to wonder how well the Toshiba defenses will hold up against a determined effort by an expert hacker. We really don’t know until the technology is used in the real world.

This is not to say that we should avoid purchasing and using drives with Wipe technology. On the contrary, the technology should help avert information thefts by amateurs and perhaps lazy experts. I liken it to anti-theft devices available for cars, many of which exist on my current vehicle. To my inexperienced eye, my car appears to be difficult to steal, but as my expert mechanic son assures me, given enough time and skill, all protections can eventually be defeated.

If we can prevent data thefts by, say, 90%, wouldn’t that be worth the cash outlay? Do we not lock our doors at home because we know that someone could pick the lock or break in the door? Common sense dictates that those to whom valuable information is entrusted do all that they can to protect that information. So there is really no excuse for failing to put every available and affordable safeguard in place.

Ara C. Trembly (www.aratremblytechnology.com) is the founder of Ara Trembly, The Tech Consultant, and a longtime observer of technology in insurance and financial services.

Readers are encouraged to respond to Ara using the “Add Your Comments” box below. He can also be reached at ara@aratremblytechnology.com.

This blog was exclusively written for Insurance Networking News. It may not be reposted or reused without permission from Insurance Networking News.

The opinions of bloggers on www.insurancenetworking.com do not necessarily reflect those of Insurance Networking News.

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments...

Already Registered?

If you have already registered to Insurance Networking News, please use the form below to login. When completed you will immeditely be directed to post a comment.

Forgot your password?

Not Registered?

You must be registered to post a comment. Click here to register.

Blog Archive

Opinion: Halbig Decision Creates New Level of Uncertainty for Obamacare

Time will tell if the Halbig decision remains viable. But in the meantime, a new level of uncertainty has been injected into the process.

CIOs: "We Don't Have Enough People to Run Our Mainframes"

Insurers will be competing with other industries for both legacy and “new IT" talent.

4 Ways to Keep Insurance Data Quality Healthy

Continually building trust and credibility in the data is the key to a successful data warehouse.

Customer Experience Trend Watch

Three recent HR moves demonstrate that large life insurers recognize customer experience as a strategic differentiator.

Insurers Have a Lot of Data, But Too Many Silos

Insurers actually have more data analytics resources than other industries.

Are Data Centers Shrinking or Expanding?

Today's data centers are doing far more with much smaller footprints.

Advertisement

Advertisement