Self-encrypting drives

I’ve long been an enthusiastic supporter of self-encrypting drives (SEDs), a technology that offers substantially better performance and security than software-based encryption solutions. SEDs can even work out much cheaper to deploy, as a less powerful machine can be used to deliver the same level of laptop performance. Yet few organisations are deploying them. Why is this? Is it apathy, ignorance or some other reason?

The Ponemon Institute have just published a survey of IT Practitioners on their perceptions about SEDs. Unsurprisingly, it shows that compliance is the main driver for adoption of encryption solutions. More interestingly, it reports that most practitioners have a high regard for SEDs and their capabilities. The barriers to adoption appear to be perceptions about cost, and uncertainty about the options available and their ease of implementation. Another issue seems to be the division of responsibilities and decision-making in the procurement process.

This sounds about right. I recall meeting a security manager at a recent conference. I asked him if he had encryption on his enterprise laptop. “Of course” he replied “though it’s currently switched off”. I asked him if he’d considered SEDs. “No” he responded “but it sounds like a good idea”. He didn’t, of course, pick the solution.

Ponemon predict that, as understanding grows, there will be greater adoption of SEDs. That of course assumes that enterprises take more interest in the quality of their security solutions, rather than just aiming for the easiest route to ticking the compliance box.    

By the way, for those who’d like to know more about SEDs, Bob Thibadeau, the inventor, is in London later this week and will be speaking at the ISSA-UK Chapter meeting on Thursday.