LAS VEGAS -- Samsung has added new security features to its self-encrypting drive (SED), the 840 EVO SSD, making it compatible with professional security software employed by enterprise organizations, and positioning the company for what it expects is a market where encrypted SSDs are standard.
The new capabilities are enabled by the just released Samsung Magician 4.3 software and a firmware update that allows independent software vendors (ISVs) to provide enhanced security features required in enterprise user environments. Samsung’s 840 EVO line now offers three security types: Class 0, TCG Opal, and Encrypted Drive (eDrive) from Microsoft on Windows 8. The new offering is also compliant with IEEE 1667 standards.
Chris Geiser, senior product manager for memory and storage at Samsung, said the updates are aimed at delivering security capabilities required by government offices, finance institutions, healthcare facilities, and other enterprise environments that are highly regulated and handle sensitive information such as financial data, health records, or intellectual property. “The rules for self-reporting data breaches are pretty onerous,” he said.
Managing data security at the hardware level can be simpler and more effective, said Geiser, especially with increased mobility of data on multiple platforms and operating systems via laptops, smartphones, and tablets, which has led to increased awareness of data security. Because encryption is baked into the drive electronics, without the assistance of software, it is always on, and authentication is independent of the OS. Encryption keys never leave the drive. They can be quickly adjusted to prevent data from being accessed without authentication and also immediately reset for authorized use.
Samsung is working with ISVs such as Wave Systems, which offers complete management of Samsung’s 840 EVO SSD. Wave’s EMBASSY Remote Administration Server supports drive initialization, user management, drive locking, user recovery and crypto erase for all Opal-based, proprietary, and solid-state SEDs.
Geiser said regulatory and compliance challenges are driving the need for encrypted SSDs and more powerful management tools in the short term. “It’s really about the audit trail and the Safe Harbor provisions.” But in the longer term, he said there will be opportunities to add more functionality around data management and improving user experiences.
For now, Software Magician 4.3 is compatible with Microsoft Windows and manages a number of Samsung SSD models, including the 840, 830, and 470 series; the 840 EVO; and the 840 PRO.
Geiser said Samsung has traditionally sold products such as flash memory into the OEM market, but the company is directing efforts to deliver more enterprise applications, including security management, as well as enhancing its MLC flash memory with firmware that supports high availability environments, for example. He anticipates encryption on SSDs will become standard in the enterprise space.
Mark Peters, senior analyst with Enterprise Strategy Group, said encrypted SSDs are especially suited for addressing data confidentiality and integrity protection, especially in a regulated environment, because it easier to deploy storage encryption to protect regulated data, such as bank card holder information or electronic health records, rather than doing native file system or database encryption.
“OS encryption involves installing software, modifying drivers, and can lead to performance degradation,” he said, while the impact of encryption on SSDs is negligible -- milliseconds at most. “It’s likely that all enterprise SSD vendors will offer SSD encryption in the future.”
Mushkin recently announced its entry in the enterprise SSD market with its ProSpec drives that support 128-bit AES hardware encryption, while Plextor makes custom SSDs for customers who need Opal encryption not offered in its off-the-shelf products. Earlier this year, LSI added TCG Opal compatibility to its Sandforce drive controllers.