What is an SED?
Drive Trust Alliance Definition of an SED:
- The device uses built-in hardware encryption circuits to write and read data in and out of a non-volatile storage device such as a hard drive or a flash drive.
- At least one Media Encryption Key (MEK) is protected by at least one Key Encryption Key (KEK, usually a “password”).
- If one or more KEKs have not decrypted the MEK, the data that the MEK encrypts is not available to read or write. You cannot reverse engineer a locked SED without a valid KEK input from outside of the self-protecting SED.
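The three points above can be followed in a small model. This is an added example, not code from the Drive Trust Alliance or any drive vendor: the class ModelSED, its method names, the PBKDF2 password derivation and the SHA-256 counter-mode cipher (a stand-in for the drive's hardware cipher) are all assumptions made for illustration. It goes slightly beyond the definition by also modelling a password change and a cryptographic erase.

```python
import hashlib, hmac, secrets

def _stream(key, nonce, n):
    # Stand-in for the drive's hardware cipher: SHA-256 in counter mode (model only).
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                    for i in range((n + 31) // 32))[:n]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class ModelSED:
    """Constructed model of the MEK/KEK hierarchy; not any vendor's firmware."""
    def __init__(self, password):
        self._media = {}                      # LBA -> (nonce, ciphertext) as stored on the media
        self._mek = secrets.token_bytes(32)   # MEK is generated inside the drive
        self._wrap(password)
    def _kek(self, password, salt):           # KEK derived from the user's password (assumed KDF)
        k = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, dklen=64)
        return k[:32], k[32:]                 # (wrapping key, integrity key)
    def _wrap(self, password):                # only the wrapped MEK is kept at rest
        salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
        enc, mac = self._kek(password, salt)
        blob = _xor(self._mek, _stream(enc, nonce, 32))
        self._wrapped = (salt, nonce, blob, hmac.new(mac, nonce + blob, "sha256").digest())
    def lock(self):                           # e.g. power loss: the plaintext MEK is discarded
        self._mek = None
    def unlock(self, password):
        salt, nonce, blob, tag = self._wrapped
        enc, mac = self._kek(password, salt)
        if not hmac.compare_digest(tag, hmac.new(mac, nonce + blob, "sha256").digest()):
            return False                      # wrong KEK: the MEK stays wrapped
        self._mek = _xor(blob, _stream(enc, nonce, 32))
        return True
    def _key(self):                           # every read and write needs the unwrapped MEK
        if self._mek is None:
            raise PermissionError("drive is locked")
        return self._mek
    def write(self, lba, data):
        nonce = secrets.token_bytes(16)
        self._media[lba] = (nonce, _xor(data, _stream(self._key(), nonce, len(data))))
    def read(self, lba):
        nonce, ct = self._media[lba]
        return _xor(ct, _stream(self._key(), nonce, len(ct)))
    def change_password(self, new_password):  # rewraps the MEK; stored data is not re-encrypted
        self._key()
        self._wrap(new_password)
    def crypto_erase(self, password):         # new MEK: the old ciphertext can no longer be read
        self._mek = secrets.token_bytes(32)
        self._wrap(password)
```

Changing the password only rewraps the 32-byte MEK, and a cryptographic erase only replaces it, which is why both complete without touching the stored ciphertext.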
SEDs are already ubiquitous worldwide
A well-kept secret is that SEDs are among the most successful and ubiquitous data leak protection, security, and privacy products in the world.
They are everywhere, but they are so easy to use once you set them up that you almost never see them or know they are working their magic. Note: 100% means 100% market penetration, and ~100% means "approximately 100% market penetration". The comment under each item is why the adoption took place.
- ~100% of all new, office and enterprise quality, Solid State Drives (SSDs) are TCG Opal SEDs
  - Due to the Data Sanitization Problem for Flash
- ~100% of all Enterprise Storage (SSD, HDD, etc.) are TCG Enterprise SEDs
  - All of Google's storage of your data and data they have on you, for instance.
  - For fast, safe, and effective cryptographic repurposing and disposal of storage devices to protect against data leakage
- 100% of all Apple iOS devices are hardware SEDs for user data
  - When an iPhone or iPad password is set, that is the KEK
- ~100% of Western Digital USB Hard Disk Drives (HDDs) are SEDs
  - In case you lose your USB storage device
- ~100% of ALL Office-Class Printers and Copiers in the world use SEDs
  - To protect against theft of what people have printed
- A much smaller number of Personal HDDs are TCG Opal or SED
  - But Microsoft BitLocker supports “eDrive”, which requires Opal 2.0 SEDs
- 100% of TCG Opal Drives also support the SATA Security Password (Hard Disk Password)
  - No software needed: already supported by BIOS/UEFI setup on nearly every laptop and PC in the world
- The newest, fastest solid state drives, such as NVMe, and many other types of non-volatile storage devices are already commercially available as TCG SEDs, but standardization details are currently being handled by the TCG Storage Workgroup.
SED Advantages
- Ease of use: Integral part of the drive electronics; security added IN, not ON.
- Transparency: comes from the factory already encrypting; no ON/OFF.
- Performance: operates at full drive speeds; no work slowdown.
- Efficacy: Gets the job done. SEDs are a mature and time-tested technology.
- Scalability: Already proven to scale smoothly from individual use to the largest distributed data centers in the world (e.g., Google).
Count all those SEDs up. That's right...
Billions of people use SEDs all the time and don't even know it. This includes you, right now. And the population of SED devices in the world is easily approaching a billion.
If you are not using SEDs right now for yourself or your organization, you should.