Everyone thinks data breaches won't happen to them.  Precautions and security measures are deployed, but it is difficult to secure everything.  One clicked email or storage drive hacked could result in a breach, which could be costly.  Costs typically associated with data breaches include:


  • Regulatory fines
  • Forensic services
  • Customer compensation, such as credit monitoring services
  • Negative publicity and impact to the company's brand
  • Legal fees

Although no environment is completely secure, IT users want the excellent security features available to help protect their data. This is why KIOXIA SSDs provide a range of data security and encryption options to suit data center requirements.


KIOXIA SSDs with encryption and sanitize capabilities can save customers the cost of destroying physical drives.


A stolen laptop exposed personal data of 20,000+ people. An encrypted SSD could better protect customer data.*1

*1 : U.S. Department of Health & Human Services

SSDs with encryption could reduce the average cost of a data breach by US$237,176. A stolen and unprotected device, such as an SSD, could increase the cost by US$192,455.*2

*2 : "Cost of a Data Breach Report 2020," © IBM Corporation 2020.

What protection is available for KIOXIA SSDs?

Non-SED (No Encryption) Block Erase

  • When the objective is to simply erase data on a SSD.
  • Data cells on the SSD are all reset to their original factory state & user data from the SSD is deleted. Accessible data and hidden user data is no longer accessible.
  • Drawbacks:
    - Time consuming process to complete
    - Consumes SSD’s available Program/Erase cycles, reducing the drive’s overall endurance
    - Some data may still be visible/accessible

Sanitize Instant Erase (SIE)

  • Uses on-board crypto processors to cryptographically encrypt & decrypt data as it is written to/read from the SSD.
  • When the sanitize command is executed with crypto-erase option, the sanitization process is nearly instantaneous, after which the sanitized data cannot be decrypted back to the previous state.
  • Advantages over Block Erase:
    - Faster data sanitization
    - No impact on SSD endurance

Self Encrypting Drive (SED)

  • Uses Advanced Encryption Services (AES) algorithm & an onboard crypto-processor.
  • When system is powered and the proper credentials are provided, the SSD “unlocks” & the stored data is decrypted.
  • SED offers instantaneous cryptographic erasure which helps reduce device retirement or redeployment costs.
  • Advantages over software encryption:
    - Host processor cycles not used
    - Greater protection than a non-encrypted drive
    - Easier deployment & usage

FIPS 140-2

  • The Federal Information Processing Standard (FIPS) 140-2 which is developed by the National Institute of Standards and Technology (NIST) specifies the security requirements to validate the encryption module design and implementation.
  • Being validated as FIPS 140-2 (Level 2) guarantees that the SSDs meet the security inspection standard defined by US government regarding the data security.
  • KIOXIA will migrate to FIPS 140-3, when FIPS 140-2 testing ceases.

What is FIPS 140-2 and why is it important?


The Federal Information Processing Standard 140-2 (FIPS 140-2) is an information technology security accreditation program for validating that the cryptographic modules produced by private sector companies meet well-defined security standards. FIPS 140-2 must be used when designing and implementing cryptographic modules used by federal departments and agencies.

NIST's Cryptographic Module Validation Program (CMVP) Process

Security and encryption options available for KIOXIA SSDs

Category SSD Series  Sanitize Instant Erase (SIE) Self Encrypting Drive (SED) FIPS
Enterprise FL6 140-2 Certification 3983
140-2 Certification 3983
140-2 Certification 3965
Data Center CD6-V
140-2 Certification 3983
XD6 (9.5mm)    
Client BG5    

Optional security feature compliant drives are not available in all countries due to export and local regulations.

  • All company names, product names and service names may be trademarks of their respective companies.