Self-encrypting drives are an integral part of any data-at-rest security strategy. By encrypting all data from the moment it enters the drive, self-encrypting drives ensure that data is protected from unauthorized access and is under the owner’s full control at all times.
However, self-encrypting drives are often deployed over the network in disparate locations creating islands of encryption throughout the organization. This means that the cryptographic keys used to encrypt and decrypt the data are also stored in disparate locations creating both a security vulnerability and an intensive administrative burden.
SafeNet Assured Technologies’ ProtectSED manages and distributes cryptographic keys for self-encrypting drives located at disparate sites. ProtectSED easily integrates with any deployed OPAL 1.0 or 2.0 compliant self-encrypting drive.
ProtectSED is composed of three components:
ProtectSED connector is a client-side self-encrypting drive interface which acts as a control agent for the host Windows 7 operating system (Linux support forthcoming).
ProtectSED Manager provides centralized client management including client provisioning and command and control of client agents.
KeySecure for Government
KeySecure for Government (KeySecure) is a key management appliance that centralizes the storage of keys used for the self-encrypting drives. KeySecure integrates with self-encrypting drives through the Key Management Interoperability Protocol (KMIP) for the creation and distribution of the encryption keys.
As a centralized key manager, KeySecure increases security by making key surveillance, rotation, and deletion easier while separating duties so that no single administrator is responsible for the entire environment. Additionally, it unifies and centralizes policy management, logging, and auditing to make information more readily accessible and demonstrates compliance with data governance requirements.