  • Overview

    Self-encrypting drives are an integral part of any data-at-rest security strategy. By encrypting all data from the moment it enters the drive, self-encrypting drives ensure that data is protected from unauthorized access and is under the owner’s full control at all times. 

    However, self-encrypting drives are often deployed over the network in disparate locations, creating islands of encryption throughout the organization. This means that the cryptographic keys used to encrypt and decrypt the data are also stored in disparate locations, creating both a security vulnerability and an intensive administrative burden.

    SafeNet Assured Technologies’ ProtectSED manages and distributes cryptographic keys for self-encrypting drives located at disparate sites. ProtectSED easily integrates with any deployed OPAL 1.0- or 2.0-compliant self-encrypting drive.

    Solution Components

    ProtectSED is composed of three components:

    ProtectSED Connector
    ProtectSED Connector is a client-side self-encrypting drive interface that acts as a control agent for the host Windows 7 operating system (Linux support forthcoming).

    ProtectSED Manager
    ProtectSED Manager provides centralized client management including client provisioning and command and control of client agents.

    KeySecure for Government
    KeySecure for Government (KeySecure) is a key management appliance that centralizes the storage of keys used for the self-encrypting drives. KeySecure integrates with self-encrypting drives through the Key Management Interoperability Protocol (KMIP) for the creation and distribution of the encryption keys.

    As a centralized key manager, KeySecure increases security by making key surveillance, rotation, and deletion easier while separating duties so that no single administrator is responsible for the entire environment. Additionally, it unifies and centralizes policy management, logging, and auditing to make information more readily accessible, and demonstrates compliance with data governance requirements.

  • Features and Benefits
    • Centralized Key Management: Centrally manage keys throughout their lifecycle and lock and unlock SEDs via trusted KMIP delivery
    • Authenticated OS Boot: Authenticated KMIP channel for key delivery required to unlock drive prior to loading host
    • Automated Secure Drive Unlock: Unlocking keys are securely stored and delivered without user intervention
    • Remote Crypto Shredding: Remotely wipe self-encrypting drives, rendering them unusable and effectively protecting your data from being compromised
    • Controlled Crypto Ignition: Fully authorized access to key material, preventing unauthorized users from decrypting the drive and accessing the data
    • Active Monitoring and Status: Actively monitor the state of the self-encrypting drive and retrieve client logs
    • Regulatory Compliance: Comply with data-at-rest security mandates
  • Technical Specifications

    ProtectSED Connector

    • Supports OPAL 1.0 and 2.0 drives
    • Automated configuration and key generation
    • AES-256 keys generated and stored on KeySecure
    • PXE and PBA key delivery options
    • Drive lock keys delivered via KMIP over TLS version 1.2
    • Multi-drive support (SED and non-SED)
    • Lockout protection for failed authentication attempts
    • Instant secure erase

    ProtectSED Manager

    • Flexible Web interface
    • TLS-protected communications
    • Auditing and logging
    • SED state (lock enabled)
    • Remote key destruction
    • Ability to halt key delivery
    • Ability to support group keys where multiple devices or an entire site share a common key 

    KeySecure for Government

    • Hardware-based, secure key replication across multiple appliances 
    • Active-Active mode of clustering
    • Geo distribution support
    • Highly scalable for cloud implementations
    • LDAP/Active Directory integration and Syslog forwarding
    • Heterogeneous solutions: SFNT and non-SFNT devices, applications, databases, storage devices, SAN switches, tape libraries, HSM, network and endpoint devices, etc.