Personal Use essentially means that you do not want to centrally manage your SEDs.  Most IT Departments or companies or consultancies that need to support staff or need to achieve regulatory compliance will want to centrally manage their SEDs. But even if you represent a large IT department, the information below will be useful, we think.

Have your own cell phone or pad?

On any Apple iPhone, iPad, or Samsung Knox Phone set a  password, the stronger the better.  You are done.  You are now using the built in SED you already own.  If you don't have an Apple or a Samsung Knox phone, complain that you want a phone or pad with built in hardware encryption of user data. If they say they have software encryption then battery life will be significantly impacted.

I want an SED on a New Laptop/PC

Unfortunately, consumer Laptops and PC often do not offer SEDs on new purchases.  Look at manufacturers web sites (e.g.,www.dell.com, www.hp.com, www.lenovo.com) to configure  professional machines with self-encrypting drives.  MACs are not available with SEDs.  

I want an SED on an Old Laptop/PC

Consider buying a new internal drive see SED Devices for how to find model numbers from manufacturers of hard disk drive or solid state drive replacements.   Make sure your old PC is not too old.   It needs to support SATA hard disk passwords in the BIOS/UEFI setup, but that standard is almost certainly supported and goes back the late 1990s).  Alternatively, if your BIOS/UEFI does not support ATA passwords you can use a software package that supports the OPAL encryption standard.  The DTA offers an open source program that does not require BIOS/UEFI support for hardware encryption of SEDs.

You can buy the TCG Opal SEDs from resellers like Amazon and just use them in their default SATA security mode.  You don't need any software.

MACs do not support internal SEDs.

I have several laptops/PCs, some new, some old, some Windows, some MAC.

Your best option is to get an Attached Storage Device, see USB SED Devices for how to find these listed on a manufacturer’s web site.  Keep your private work on the USB Drive.  You need to be careful that your operating system is not caching your private work on the boot or other drive not encrypted. If Windows is Windows Pro or Enterprise consider using Bitlocker Software Encryption for internal drive(s) to reduce the risk that private work leaks over to your internal drive without protection.  MACs almost always provide software “File Vault” full disk (full volume) encryption as well as file encryption. For WD USB Drives you can use the same USB SED Drive on Windows, MAC, or Linux Operating System with the same password.  Commonly people buy several USB SED Drives for data backup and ransomware protection.  Use a date tiered backup strategy (e.g., cycle one set every two months, another every week, making sure the backups are powered off and only powered on when the time has come to perform a backup.) Cryptographic erase may not be available from a USB SED Drive vendor but you can do a quick reformat and remove the password that unlocks the drive.  Some SED vendors do provide a separate utility for cryptographic erase.  Bitlocker does this.  Also the DTA Open Source Windows and Linux utilities does this.

How do I buy an SED?

You can search on "self-encrypting drive" or "hardware encrypting drive" or "Opal Drive" from resellers such as Amazon.  But be careful, mislabelling is possible.  Check the make and model with the manufacturer's site.  Manufacturers generally do not sell directly.  Check that the model is for a TCG Opal Drive, and not a TCG Enterprise Drive (which will be much more expensive because it is designed for data centers and will not be as versatile for personal use).

Does Linux support SEDs on PC/Laptops?

Yes, our DTA Open Source provides a method of setting up an Opal SED.

What software do I need for an SED?:

If you buy a USB SED, the software comes with the drive, and you can set it up so you don’t have to install any software on your PC or Laptop. If you have a new internal TCG SED, you can use your preboot setup to set the drive or hard drive Password.  This involves no software.   Furthermore, the password you provide will not be available to the operating system software.  With newer machines, you may also have the ability to do a sanitize command. See Software Vendors for a list of other software vendors that support TCG Opal.

© Copyright 2015-2017 Bright Plaza, Inc.  All Rights Reserved.