- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
Network World - Vendors are touting solid state replacement drives as a way to protect corporate data in the event of a laptop being lost or stolen, and to boost performance at the same time.
We tested five SSDs to determine if they, indeed, were encrypting data and if the encryption could be somehow broken. In other words, were they safe to use if the device were stolen from or with a notebook?
The answer is: summoning our best tools, we could not crack their encryption. Not only that, these drives delivered read and write speeds that were up to five times faster than the hard drives that came with our enterprise-grade laptops.
The products under test were 2.5 inch, SATA-3 replacement drives from Other World Computing (OWC), OCZ Technologies, Micron Technologies, Adlink Technology and Intel.
All of the drives passed the encryption test with flying colors. When it came to performance, the OWC Pro 6G was fastest, running at sometimes five times the speed of the 500GB Hitachi drive that came with our Lenovo laptop. While OWC took the prize, all of the SSDs worked at several times the speed of our baseline hard drive.
Storage smackdown: SSDs vs hard drives
Slideshow: Encrypted SSDs deliver security, speed
Notebook hard drives can be encrypted via either software or hardware methods.
For example, tools like Microsoft's Bitlocker offer operating-system level software encryption. With this method, the resident operating system can encrypt files, folders, whole disk partitions, or even the entire disk. However, this could leave file system information like names, ownership, and location intact or predictable.
If the master book record (MBR) is available and isn't encrypted, forensic work can start to attack the contents of the drive because much of the file and data formatting becomes known — although decryption is still difficult.
If the BIOS "HDD Master" and/or "HDD User" passwords are set, the drive's MBR becomes encrypted, and a usable forensic analysis path becomes unavailable.
There are also many third-party encryption vendors that use their own software-based encryption seed or methodology, while others may use Trusted Computing chip hardware resident in the machine to encrypt.
In addition, most PCs have BIOS settings that allow them to use SATA or SAS encryption that's been available for roughly the past dozen years. We chose drives that use the BIOS method (to make things operating system agnostic) to answer questions regarding the encryption safety of replacement drives. (See how we conducted our test.)
Each of the drives came encrypted with the SATA master and user encryption keys enabled and hashed, so that they weren't readable until a BIOS command was used to set the passwords for each.
SATA and SAS (Serial ATA and Serial-Attached-SCSI, respectively) drives, traditional mechanical drives, or SSDs, use a hierarchical command set to encrypt data on the drive. If the drive is removed and placed into an identical machine lacking the encryption key (set in the BIOS), the drive is unreadable, as though it were blank/filled with random data, with no partition table or other recognizable partitioning or boot sector information.