Storage security and TCG

Posted by Ken Y-N on April 28th, 2008 at 02:18pm

An interesting article was recently published by INFOSTOR, written by Dr Michael Willett, co-chair of the Trusted Computing Group’s (TCG) Storage Working Group (SWG), and a senior director at Seagate Research.

One of the drivers behind the SWG is that there is a definite move towards performing backups to disk rather than tape. In addition, with the increased use of portable drives, the risks posed by lost or stolen media are becoming greater. Indeed, in a survey of the members of the Healthcare Information and Management Systems Society this year almost 25% opf healthcare IT professionals reported that in the last year there had been a security breach at the organisation where they work. Within the next two years two of the top techologies they were looking at introducing were identity management and security-related.

The article identifies the need for SWG-defined technologies:

Instead of relying solely on firewalls, user access controls, and audit logs on computers and servers for data protection, encrypting data on the storage device itself provides much stronger protection, including external hard drives. Even if they are lost or stolen, drives with encrypted data are not classified as a security breach, since the data is inaccessible to unauthorized users.

The SWG Trusted Storage Specification, published in June 2007, describes how the TCG’s trust can be piggy-backed on top of existing SCSI and ATA command sets, reducing the costs of implmentation. The specification covers not just hard drives but many different types of media; optical, tape and flash too can all be secured.

The full article may be found on the INFOSTOR website here. It’s well worth a read for a very in-depth look at the guts of the SWG specifications.

Tags: seagate

Under Storage Tags: seagate