Save the Data: Self-Encrypting Drives

Date Published: July, 18, 2016

You do have a backup procedure for your computer already set up, right? If you don’t, now is the time to execute one. It should be easy. There are plenty of options, too. With ubiquitous cloud solutions and a myriad of online storage options, just a few clicks will suffice. Setting up a backup procedure should be high on your priorities list before the disaster strikes.

Infographic - TCG - SED

Complete new SED infographic here.

But faced with a drive failure, most users will “fix” the problem, pulling out the old hard drive in order to uncover the data and transfer it to the new drive. But what happens to the old drive? Most of us would just discard the drive (along with the computer). People do it all the time. Matt Malone, security specialist and dumpster diving hobbyist, can attest to that, describing the dumpsters as a rich treasure trove he regularly unearths, with the sheer volume of electronic equipment found in trash simply astonishing.

If Malone wouldn’t be interested in your malfunctioning devices, Simson Garfinkel surely would. An expert in data forensics, he’s hardly your ordinary scientist, but unlike Malone, he looks for used and faulty equipment with a very specific goal – to prove its hidden value. For his study “Remembrance of Data Passed,” he bought a bunch of used disk drives from auction sites, managing to extract all kind of personal data, from credit-card numbers to financial records, including medical information and trade secrets. Even a long-forgotten and discarded disk, not to mention a lost or a stolen one, is filled with a trove of data, stacked upon different layers of extractability: regular files (layer 0), temporary files (layer 1), deleted files (layer 2), retained data blocks (layer 3), vendor-hidden data (layer 4), and overwritten data (layer 5).

Shredding the redundant files and getting rid of any trace of data, from Social Security numbers, bank account details or even fond memories, all designated as “for your eyes only,” traditionally required time, effort, and sophisticated software tools that overwrite file contents and destroy the layers of data beyond recognition.

However, there’s a customer-friendly alternative, in the form of Self-Encrypting Drives (SED) with automatic data encryption, far superior to the less secure performance-heavy software-based encryption. All it takes to sanitize the drive is to simply delete the encryption key and the data is rendered worthless (Crypto-Erase is also officially recognized in the NIST SP800.88R1: Guidelines for Media Sanitization).

Hardware encryption based on Trusted Computing Group (TCG) specifications is widely adopted in most solid-state and enterprise drives as well as HDDs and many USB drives. This type of hardware encryption is always on, installed in various devices from data centers, PCs, office copiers, and printers to mobile gadgets and IoT devices. That way, in the words of Robert Thibadeau at the Drive Trust Alliance, “any government department or other organization deploying SEDs can forget about hitting the headlines for the loss of an unencrypted hard drive containing personal records.”

(Sources: Wikipedia, Kaspersky Lab, Wired)


Learn more about SEDs here: See SEDs in action at Flash Memory Summit, Aug. 9-11.


Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.

Join Now

Trusted Computing

Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.

Read more


Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.

Read More