
Self-Encrypting HDDs 77% to 144% Faster Than Software FDE

A review by Trusted Strategies sponsored by Seagate and Wave Systems

Before selecting one of the leading software-based full disk encryption solutions, consider this: it could take up to 24 hours to configure, install and encrypt the contents of the hard drive. That’s per user. Compare this to self-encrypting drives – where encryption is built into the drive itself. Each drive takes only a minute or two to configure.

These and other findings are detailed in the newly published review FDE Performance Comparison: Hardware vs. Software Full Drive Encryption, by Trusted Strategies LLC, an advisory firm specializing in IT security based in Pleasanton, California. The complete report, sponsored by Seagate Technology LLC and Wave Systems Corp.

[Figure: Full Disk Encryption Throughput Tests]

In its research, Trusted Strategies tested three leading software FDE solutions and one hardware FDE solution, Seagate self-encrypting hard drives. The battery of tests covered initialization, system backups, virus scanning, and opening, reading and writing the large 100MB+ files used with larger applications. Startup and application loading took appreciably longer on platforms running software encryption. The biggest performance difference came with specific tasks, such as virus scanning or copying large amounts of data, where hardware-based encryption was 114 percent faster than the average software FDE solution and comparable to the performance of a standard, non-encrypting hard drive.

Other highlights of the report include:

  • Hardware speeds encryption – Self-encrypting drives performed between 77 and 144 percent faster than the software FDE. File/write performance tests showed hardware encryption performed 43 percent faster than the average of the three software FDE solutions.
  • Software FDE can take a full day to deploy and encrypt data – Installation and configurations for software can take from 12 to 25 minutes, but encrypting the data on a drive adds hours to the process. One software FDE solution took 23 hours and 46 minutes to complete the encryption on a 500 GB drive.
  • Hardware provides stronger protection of keys – With self-encrypting drives, the encryption keys are created and always held in the protected hardware of the drive. Therefore, they are not exposed to memory and CPU attacks. In addition, the user authentication is done securely by the drive hardware.
  • Software FDE solutions don’t always provide proof of compliance – A primary driver for laptop encryption is to achieve compliance with various data protection laws. While some software-based FDE solutions do a ‘reasonably good job’ in reporting and central management, other software-based solutions can’t prove that a specific laptop’s disk was ever encrypted or that it is still being encrypted.

"Any type of full disk encryption is better than no encryption at all," noted Trusted Strategies’ Bill Bosen, lead author of the review. "Software encryption is a good solution for continued use on legacy machines until the next purchase of laptops. Then it’s a good idea to take advantage of the performance, security, and installation advantages of hardware-based protection. Self-encrypting drives, coupled with their powerful central management solutions, are clearly the way of the future."

"The chief perennial drawbacks to deploying software encryption for laptop computers are its management complexity and its significant drag on system performance," said Dave Mosley, Seagate Executive Vice President, Sales, Marketing and Product Line Management. "Seagate continues to work closely with Wave Systems and other independent software vendors to deliver hardware-based laptop PC security that centralizes and simplifies the management of secure laptops, reduces related costs, preserves full system performance and, in the end, brings laptop security to a wider range of computer users."

"One of the most striking findings in the Trusted Strategies benchmark review was the significant difference in the time it took for Wave’s preboot authentication to occur in the Seagate drives vs. the software encryption pre-boot solutions," commented Lark Allen, Executive Vice President of Business Development for Wave Systems. "With Wave’s pre-boot code on the self-encrypting drives, it added only two additional seconds to authenticate the user and unlock the drive. Software encryption preboot, on the other hand, added a significant amount of time — between 19 and 23 seconds. That’s a real performance penalty every time a user unlocks their system."
