Foremay describes secure
erase options for SSDs
Editor:- August 20, 2010 - Foremay's CTO, Jack
Winters presented a paper -
Secure Erase
Options for SSDs (pdf) - at the recent Flash Memory Summit.
The
paper describes the need for
SSD data purge and
the 3 techniques which the company supports in its Avalanche Secure Erase
Suite.
“In a regular
SSD, deleting a file only
removes its name from the directory or file table. User data remains until
overwritten by new data. Even reformatting the SSD leaves data intact,”
said Jack Winters, CTO of Foremay, during the Flash Security workshop. “The
Avalanche Secure Erase Suite employs various technologies to overwrite or
destroy all user data in allocated blocks and file tables, as well as data in
reallocated defective blocks.”
...read the
article (pdf)
Editor's comments:- other hardware data
destruction technologies for SSDs are also available from
other vendors.
a reader asked me about notebook SSD encryption
Editor:-
June 29, 2010 - a reader asked me some good questions about
notebook SSD encryption.
Did encryption impact performance and endurance? Had I already written about
this in another article he had missed? ...see what I said
Nasuni offers $5,000 to successful espiones
Editor:-
June 22, 2010 - I have to hand it to the marketers at Nasuni - they've come
up with a
clever
promotion scheme.
Cynics (aka experienced computer realists) are
worried that cloud storage
may be inscecure - right?
Nasuni say - that the 1st person who can
reveal the contents of a file which they have made
visible
here can win $5,000.
"We're aware that many businesses are
dubious about cloud storage for security reasons," said Nasuni CEO and
co-founder Andres Rodriguez. "Data leakage is a major concern. With cloud
storage, you have to entrust your data to an outside party, and your data is
swimming around in the cloud with other customers' data. Intuitively, it seems
risky. Customers are smart to be wary. But we've built a system that protects
against these risks. We're confident that Nasuni can keep your data safe in the
cloud, and we are willing to go the distance to prove it."
Editor's
comments:- the clock is ticking. After 30 days - the company will donate the
"unwon" money to a good cause.
Who's going to crack it 1st?
- the Russians? or Chinese? Or has an NSA spook read the message already by the
time you see this posting - but won't claim the prize - because that would be
revealing too much.
I bought the 1st UK edition of
the
Cuckoo's Egg (1990) - and I can still remember the thrill of reading how a
barely noticeable security intrusion was traced over many modem hops and
international routes and much elapsed time and effort to reveal a real-life
espionage. Storage
Security
Super Talent's Cryptic USB3 SSD
Editor:- March 2,
2010 - Super
Talent Technology today
announced
imminent availability of a new
encrypted
USB 3
flash SSD - with
upto 256GB capacity.
When I asked for more technical details I was
told the datasheet isn't ready yet. The USB 3.0 SuperCrypt is a true SSD (with
wear-leveling).
Internally the module (95 x 34 x 15.4 mm) is a
SATA SSD with a USB
bridge chip.
Fast Purge flash SSDs
Editor:- September 25, 2009 -
StorageSearch.com today
published a new directory of Fast Purge flash SSDs.
The
need for fast and secure data erase - in which vital parts of a flash SSD or
its data are destroyed in seconds - has always been a requirement in military
projects. Although many industrial SSD vendors are offering their products with
extended "rugged" operating environment capabilities - it's the
availability of fast purge which differentiates "true military" SSDs
which can be deployed in
defense applications.
Most Secure USB Flash Memory Stick
Editor:- July 13,
2009 - IronKey
today announced the launch of its S200 USB flash drive for government and
enterprise customers.
IronKey's CEO David
Jevans said: "The IronKey S200 is the first and only
USB flash drive to achieve
the demanding FIPS 140-2, Level 3 security validation from NIST, giving even
more proof that IronKey is the world's most
secure flash drive. We
are also releasing a suite of new enterprise remote management capabilities,
available over the Internet from the IronKey managed service, or from our
enterprise server software that companies can install and operate themselves."
WD Ships 2TB Surveillance Drive
Editor:- May 19,
2009 - WD
announced availability of a 2TB model in its
AV-GP
line of hard drives
designed for the surveillance market.
Designed to last in always-on
streaming digital audio/video environments the new
SATA compatible
drive (MSRP $299) supports playback of up to 12 simultaneous HD streams.
SoleraTec Lightens the Load for Searching Streaming Surveillance
Camera Storage
Editor:- April 27, 2009 - SoleraTec has
incorporated support for the
Real Time Streaming
Protocol that allows for the direct video feed capture of IP-based video
surveillance cameras in version 5.2 of its
digital surveillance manager
software (SVM).
SoleraTec says its software is unique in its
ability to provide a file-based search and retrieval interface that enables the
user to actually play video surveillance files without first needing to retrieve
original hi-res assets from storage.
When its SVM ingests files, it
automatically creates low-resolution proxy files for fast search and view. Once
a desired video asset has been selected, clipped, and marked for export, the
new, user-configurable "extended export" functionality enables the
user to export needed data in a variety of ways, such as FTP, email, and local
file systems. Pricing for Phoenix 5.2 starts at $996.
EScon Launches Encrypted Desktop Storage
Editor:-
April 16, 2009 - EScon
has launched the Guardian MX-4 range of
eSATA connected
encrypted desktop
storage enclosures for the European market.
EScon's Managing Director,
Tony Howard, says "Backing up data to protect against hardware failure or
accidental deletion is universally accepted as good business practice, however
securing data against theft is less easy to guard against and may not even be
recognised as a threat. The focus is most often on ensuring the physical
security of the building in which the data is housed rather than on securing the
data itself."
Olixir Announces DataVault Support for FIPS 140-2
Washington, D.C. - March 9, 2009 -
Olixir Technologies announced it will add new security features to
its family of DataVault hard drives in Q2 2009.
This will make them
fully-compliant with the requirements outlined in the Federal Information
Processing Standards
FIPS 140-2.
Incorporating an advanced set of security features including anti-virus,
anti-malware and encryption agents, which have already been approved by the DOD
DARTT Team, Olixir's external drives will meet all criteria to be connected via
USB cables to U.S.
Department of Defense networked computers. This comprehensive security
capability will be resident on the Mobile DataVault products and run
independently of the host computer to proactively protect the drive and the
network from malware and virus infections.
...Olixir Technologies
profile
Sun Proposes Standardizing Tape Storage Encryption
Santa Clara, CA -
February 17, 2009 - Sun Microsystems today announced an open source
initiative for removable storage encryption in Solaris environments.
This
is based on the key manager which Sun already uses in some of its
Tape Libraries.
ZoneLoc Prevents flash SSD Data Walking into the Wrong Hands
Phoenix, Arizona - February
12, 2009 - White Electronic Designs Corp announced a new technology -
ZoneLoc - which automatically desanitizes a flash SSD to military standards
- when the device is moved outside a specified operating zone - to prevent data
falling into enemy hands.
The boundary can be tied to a fixed
location or made to be portable for mobile applications. ZoneLoc has
configurable features and options, including audible warnings, programmable
response times, wireless remote purging and sensitivity modes. Because the
protected device takes its own action, autonomously, security is guaranteed.
...White Electronic
Designs profile, Storage
Security, Disk
Sanitizers
Dress Down Jeans are Less Risky than Smart Suits - Implies
Survey
Editor:- January 19, 2009 - Dry Cleaners are becoming an
unintended potential recycling point for
USB storage - according to
a report today from CREDANT
Technologies.
In a phone survey of 500 laundries in the UK -
CREDANT found that on average 2 USB sticks were found each year by each site.
Dry cleaners in the suburbs, on the commuter belt or based in city centres find
the most USB or memory sticks. One dry cleaner in the heart of the City of
London said he is getting an average of 1 USB stick every 2 weeks, another said
he had found at least 80 in the past year.
Extrapolating from this sample, the company estimates the UK annual
figure for USB storage left at dry cleaners to be over 9,000.
Are
Brits more forgetful than others? Or does this show that wearing casual clothes
(which can be processed in your own washing machine) presents a lower
security risk than
formal suits. See also:-
Disk Sanitizers
Job Uncertainty Increases Risks of Illegal Data Migrations
Editor:- December
1, 2008 - Cyber-Ark has published results of a recent international IT
security survey called - "the Global Recession and its Effect on Work
Ethics".
The 600 respondents included office workers from New
York's Wall Street, London's Canary Wharf and Amsterdam in Holland.
50%
of US responders and 27% in the UK said they would be willing to work
80 hours a week if it meant they could keep their jobs. Nevertheless, there
is a risk that workers are using their IT privilege access rights to
conspire behind their bosses' backs to download vital, useful and competitive
information to take with them if and when they get the push.
56% of workers surveyed admitted to being worried about losing their
jobs. Alarmingly, in preparation, more than half have already downloaded
competitive corporate data and plan to use the information as a negotiating tool
to secure their next post. Top of the list of desirable information is the
customer and contact databases, with plans and proposals, product information,
and access/password codes all proving popular choices.
Memory sticks are the
smallest, easiest, cheapest and least traceable method of downloading huge
amounts of data, which is why this is often considered the "weapon of
choice". Other methods were photocopying, emailing, CDs, online encrypted
storage websites,
smartphones, DVDs,
cameras, SKYPE, iPods. ...read the
report (pdf), ...Cyber-Ark
profile, Storage
Security
STMicroelectronics Samples Secure e-Passport Microcontroller
Geneva,
Switzerland - November 25, 2008 - STMicroelectronics is sampling a
new microcontroller for secure identity cards.
The ST23YR80, which offers contact and contactless interfaces,
complies with the most advanced security smartcard standards and meets
ICAO requirements for machine readable
travel documents. The EAC (extended access control) e-Passport operation will
be supported in less than 3.5 seconds. The device can also optimize the
operating distance and transaction time by adapting its processor clock speed to
the magnetic field of the application reader It has 80Kbytes of onchip flash
memory to store extra biometric data.
...STMicroelectronics
profile, storage chips
Oxford Semi Dangles DAS Dongles
MilpitasCalif. -
November 4 , 2008 - Oxford Semiconductor today unveiled 2 new DAS
security encryption chips.
Aimed at
storage oems - the
OXUS931SE and OXUFS936DSE feature an embedded hardware encryption engine
enabling real time encryption with no loading on the host PC.
The
OXUFS936DSE
supports FireWire,
USB and
eSATA interfaces and
2 directly connected SATA disks. In addition, the device offers a range of LCD
and LED user interfaces that are supported by the flexible software framework,
greatly enhancing its capacity for product differentiation.
The OXUS931SE
is aimed at the consumer who needs low cost, single-drive secure storage. In a
traditional implementation, the OXUS931SE acts as a high performance bridge from
USB2.0 or eSATA ports to a SATA
hard disk drive in an
external storage box
supporting all current PC and Mac platforms. And, because of the OXUS931SE's
high performance, it can also be implemented as a internal security dongle
between a SATA port on the system motherboard and any internal SATA disk drive
without any loss of throughput, for a fast and easy upgrade to a secure
information system.
...Oxford
Semiconductor profile
New Tool Helps Reduce Identity Theft
NEW
YORK - September 16, 2008 - Identity Finder, LLC announced the
upcoming release of Identity Finder Enterprise Edition 3.5 and their newest
product, Identity Finder Monitoring Console.
Identity Finder
Enterprise searches computers for Personally Identifiable Information and helps
employees clean the data it uncovers, protecting themselves and their employers
from confidential data loss. One of the biggest challenges to preventing data
leakage is discovering all the places data exists. It can easily become buried
anywhere on a computer such as within a hidden column in a spreadsheet from years
ago.
Todd Feinman, Identity Finder's CEO, says, "Organizations can no
longer rely on simple anti-virus suites to protect information as there are an
ever increasing number of threats that steal personal data -- from viruses,
worms, and Trojans to spyware, botnets, and malicious web application exploits.
Even file sharing programs, voluntarily installed by many individuals, have
become a large source of data loss and full hard disk encryption cannot protect
against sensitive data exposure in these scenarios. Tools such as Identity
Finder are required."
...Identity Finder
profile | |
 | |
|
| Can You Trust Your Flash
SSD's Specs? |
Editor:- I've noticed is that
the published specs of
flash SSDs change
a lot -from the time a product they are first announced, then when they're
being sampled, and later again when they are in volume production.
Sometimes
the headline numbers get better, sometimes they get worse. There are many good
reasons for this.
The product which you carefully qualified may
not be identical to the one that's going into your production line for a
variety of reasons... ...read the article | |
| . |
 |
Learn How
to Trust Your Storage Drives - article by the Trusted Computing Group
How
much can you trust the security of data on your storage drives?
Snugly nestling in a RAID
system in your datacenter - maybe. Now what about when those self same
drives are in some one else's mitts - because they've been replaced, sold or
stolen?
The Trusted Computing Group has been working with
storage manufacturers
and other industry trade bodies
to create a standard model and framework for extending security into the storage
drive - using extensions of the
SCSI and ATA command sets
- and by extending the features originally designed for internal error logging.
Although at an early stage, readers may be interested in reading and commenting
(to TCG) on the draft document - which is published here as part of their
market liaison exercise. ...read the article,
...Trusted Computing Group
profile, Storage
Security, disk
sanitizers | |
|
| . |
 |
Sanitization
Methods for Cleaning Up Hard Disk Drives - article by Intelligent Computer
Solutions
Removing the data on old unwanted disk drives has
become a concern for all users. In 2005
Pointsec found that
they were able to read 7 out of 10 hard-drives bought over the Internet
at auctions such as eBay, for less than the cost of a McDonald's meal, all of
which had "supposedly" been "wiped-clean" or "re-formatted".
This article reviews the various methods available to sanitize hard disks along
with the advantages and disadvantages in each case....read the article,
...Intelligent Computer
Solutions profile,
disk sanitizers | |
| . |
|
Privacy
and Security Regulations - How Do they Impact Storage Systems? - article by
ASNP
What are the legal regulations covering the type of
storage system, backup and disaster recovery and encryption mandated for
companies operating in the US?
This article answers those questions
and is a sound starting point for anyone having the duty of care and
responsibility for their corporate data. Because regulations change so quickly
it's worth considering the impact of these best practises on your own
organisation even if you think you are currently outside the scope of these
laws. That will reduce the level of panic when they creep up on you. ...read the article,,
...ASNP profile,
Backup software,
Disk to disk backup,
Optical Storage Libraries,
Tape libraries,
Web based storage | |
| . |
| Storage Security - article |
In the
late 1980's I noticed that my defense and intelligence customers would, whenever
they left their offices, unplug the removable disk shuttles from their
workstations and lock them in solid filing cabinets which were built like safes
with two heavy duty padlocks. Since there were armed guards on the gates going
into those establishments, and electrified fences I knew they weren't worried
about burglars.
I remember joking once to a customer at GCHQ (that's the UK equivalent
of the NSA - if you're not familiar with Tom Clancy settings) that my own
insurance company insisted on having window locks on all the ground floor
windows of my house and that they didn't seem to have any... surely a weak
point since anyone could just hop in.
...read the article,
STORAGE Security | |
| . |
 |
SSL VPN
Gateways: A New Approach to Secure Remote Access - article by Netilla Networks
Security
is the cornerstone of any remote-access implementation; it is axiomatic that
good security is easily managed security. SSL VPN appliances can quickly
integrate into the network, providing companies with a rapid-deployment solution
without modifications or interruptions to existing application servers and
security mechanisms.
...read the
article,
...Netilla Networks profile,
Storage Security,
RAID controller cards | |
| . |
 |
Increasing
Flash Solid State Disk Reliability - article by SiliconSystems
Solid
state disks, based on flash technology, have greatly improved in performance in
recent years and now compete head to head with RAM based accelerator systems.
Flash also has significant advatanges in servers compared to RAM SSDs due to low
power consumption.
But if you think that all solid state disks which
use flash are equally reliable and enduring then think again.
That's
a bit like saying that a Mercedes 300SL sports coupe is as tough as a Tiger
tank because both were made in Germany and both are built out of metal. But as
Oddball (Donald Sutherland) says in the movie
Kelly's
Heroes "I ain't messing with no Tigers."
This article
by SiliconSystems, shows how their patented architecture cleverly manages the
wear out mechanisms inherent in all flash media to deliver a disk lifetime that
is about 4 times greater than of other enterprise flash products and upto 100
times greater than intrinsic flash memory. ...read the article,
...SiliconSystems
profile, Solid state disks | |
| . |
 |
the
Dangers of Removable Storage Media - article by Pointsec
In
the early
James
Bond films of the 1960s, viewers were introduced to an array of implausible
(at the time) portable high tech spy gadgets. Nowadays we know from our own
everyday experience that something the size of a cigarette lighter can actually
be a video camera with its own wireless internet access.
The
proliferation of miniature high capacity storage devices creates a serious
problem for commercial and national security. This article provides an up to
date picture of the intrinsic dangers posed by current removable storage
technologies. ...read
the article, ...Pointsec
profile, Security,
Removable Storage | | | |
