With apologies to Shakespeare: To be or not to be trusted storage, that is the question.

The question is answered – “be trusted” – with the publication of the major work effort of the TCG Storage Work Group. That effort has been intensive and has actively engaged the entire storage industry over the last four years, from all six hard drive vendors to tape, optical, and flash storage device manufacturers.

The last frontier of securing data throughout its life cycle is to secure stored data. The I.T. security community has been occupied with securing data in transit, over networks and through applications, yet data spends most of its useful life in storage, as data at “rest”.

The archetypal use case is when stored data leaves the control of the owner, as when a laptop is lost or stolen (which is happening somewhere, now!), or a data center drive leaves the protection of the data center to be repaired, returned on contract or warranty, or for end-of-life. In these cases, sensitive or personal data is exposed. For this use case, the trusted storage specifications define the concept of self-encrypting storage (SES), in which the hardware circuitry for encryption and decryption is integrated directly into the on-board storage electronics. Everything written to storage is encrypted and everything read from storage is decrypted, at full channel speeds. The specifications further define a standardized way to securely manage SES, including SES locking, which allows access by only authorized users. A valuable advantage of SES is that, by deleting the on-board encryption key, the storage system is instantly ‘sanitized’; e.g., the data is no longer available. This “rapid erase” capability simplifies re-purposing and end-of-life for a storage device.

The TCG Storage specifications can be found at http://www.trustedcomputinggroup.org/work-groups/storage. The Core Architecture specification (Revision 0.9) was published over a year ago in order to give the larger storage community an opportunity to analyze the architecture and underlying security function set for trusted storage. The recent focus of the Storage Work Group has been on defining Security Subsystem Classes (SSC) and finalizing Revision 1.0 of the Core Architecture. An SSC is a selected subset of the Core Architecture appropriate to a specific storage type or environment. For example, an Optical SSC was recently published that defines SES for optical devices; that is, optical media (e.g., CDs) can be encrypted and managed in a standard way. Optical SES prototype products are already being demonstrated.

The current fanfare is over the publication of three new specifications: an Enterprise SSC (e.g., data center storage), a workstation SSC (called OPAL, to suggest the “precious” nature of the specification to the world of stolen laptops), and a Storage Interface Interactions specification (SIIF). The SIIF specification deals with the nuances of the interaction of trusted storage with the traditional storage interfaces (e.g., SCSI and ATA). Already, products satisfying the SSCs are being introduced to the market.

The soon-to-be published Revision 1.0 of the Core Architecture will be the crowning achievement of the Storage Work Group. The storage industry owes a debt of technical gratitude to the volunteers who labored to bring this level of standardization and cross-industry cooperation to the rapidly growing necessity for trusted storage.