KIOXIA SSD Security and Encryption
Everyone thinks data breaches won't happen to them. Precautions and security measures are deployed, but it is difficult to secure everything. One clicked email or one hacked storage drive could result in a costly breach. Costs typically associated with breaches include:
- Regulatory fines
- Forensic services
- Customer compensation, such as credit monitoring services
- Negative publicity and impact to the company's brand
- Legal fees
Although no environment is completely secure, IT users want the best security features available to help protect their data. This is why KIOXIA SSDs provide a range of data security and encryption options to suit data center requirements.
KIOXIA SSDs with encryption and sanitize capabilities can save customers the cost of destroying physical drives.

Client System Breach Example
A stolen laptop exposed personal data of 20,000+ people. An encrypted SSD could better protect customer data.*
*U.S. Department of Health & Human Services

Data Center Breach
SSDs with encryption could reduce the average cost of a data breach by $237,176. A stolen and unprotected device, such as an SSD, could increase the cost by $192,455.*
*"Cost of a Data Breach Report 2020," © IBM Corporation 2020.
What protection is available for KIOXIA SSDs?

Non-SED (No Encryption)
Block Erase
- Used when the objective is simply to erase the data on an SSD.
- Data cells on the SSD are all reset to their original factory state & user data is deleted from the SSD. Both accessible data and hidden user data are no longer accessible.
- Drawbacks:
  - Time-consuming process to complete
  - Consumes the SSD's available Program/Erase cycles, reducing the drive's overall endurance
  - Some data may still be visible/accessible

Sanitize Instant Erase (SIE)
- Uses on-board crypto processors to encrypt & decrypt data as it is written to/read from the SSD.
- When the sanitize command is executed with the crypto-erase option, the sanitization process is nearly instantaneous.
- Advantages over Block Erase:
  - Faster data sanitization
  - No impact on SSD endurance
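Before relying on crypto-erase to retire a drive, it is worth confirming that the drive reports support for it and that the last sanitize actually completed. The following is an added example, not KIOXIA code: it assumes an NVMe drive and text in the style of `nvme id-ctrl` and `nvme sanitize-log` output, uses the SANICAP and SSTAT bit layouts from the NVMe specification, and all sample text and function names are constructed for illustration. SAS drives are not covered.

```python
import re

# SANICAP bits in the NVMe Identify Controller data (NVMe 1.3 and later).
SANICAP_BITS = {0: "crypto-erase", 1: "block-erase", 2: "overwrite"}
# Low three bits of SSTAT in the Sanitize Status log page.
SSTAT_STATES = {0: "never-sanitized", 1: "completed", 2: "in-progress", 3: "failed"}
NUM = r"(0x[0-9a-fA-F]+|\d+)"

# Constructed sample text (assumed output style, not captured from a real drive).
SAMPLE_ID_CTRL = "mn        : EXAMPLE-DRIVE\nsanicap   : 0x3\n"
SAMPLE_LOG_DONE = "Sanitize Progress (SPROG) : 65535\nSanitize Status (SSTAT) : 0x101\n"
SAMPLE_LOG_FAILED = "Sanitize Progress (SPROG) : 1200\nSanitize Status (SSTAT) : 0x3\n"


def sanitize_methods(id_ctrl_text):
    """Return the set of sanitize methods the controller advertises."""
    m = re.search(rf"^sanicap\s*:\s*{NUM}", id_ctrl_text, re.M)
    if not m:
        return set()  # field missing: treat as no sanitize support
    value = int(m.group(1), 0)
    return {name for bit, name in SANICAP_BITS.items() if value >> bit & 1}


def sanitize_state(log_text):
    """Decode the status of the most recent sanitize operation."""
    m = re.search(rf"\(SSTAT\)\s*:\s*{NUM}", log_text)
    if not m:
        return "unknown"
    return SSTAT_STATES.get(int(m.group(1), 0) & 0x7, "other")


def retirement_check(id_ctrl_text, log_text):
    """Return (ok, reason) for a drive that was meant to be crypto-erased."""
    if "crypto-erase" not in sanitize_methods(id_ctrl_text):
        return False, "drive does not report crypto-erase support"
    state = sanitize_state(log_text)
    if state != "completed":
        return False, f"last sanitize state is {state}"
    return True, "crypto-erase supported and last sanitize completed"


if __name__ == "__main__":
    print(retirement_check(SAMPLE_ID_CTRL, SAMPLE_LOG_DONE))
    print(retirement_check(SAMPLE_ID_CTRL, SAMPLE_LOG_FAILED))
```

The status log records that a sanitize completed, not which method was used, so keep the issued command in the asset-disposal record alongside this check.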

Self Encrypting Drive (SED)
- Uses the Advanced Encryption Standard (AES) algorithm & an onboard crypto-processor.
- When the system is powered and the proper credentials are provided, the SSD “unlocks” & the stored data is decrypted.
- SED offers instantaneous cryptographic erasure, which helps reduce device retirement or redeployment costs.
- Advantages over software encryption:
  - Host processor cycles not used
  - Greater protection than a non-encrypted drive
  - Easier deployment & usage

FIPS 140-2
- A US government computer security standard applied to cryptographic devices.
- Used when working with sensitive but unclassified (SBU) data.
- May provide the addition of tamper-evident coatings, seals or tapes.
- KIOXIA FIPS 140-2 compliant SSDs are certified by an accredited facility. Ideal for government agencies & regulated industries such as financial & health-care. KIOXIA will migrate to FIPS 140-3, when FIPS 140-2 testing ceases.

What is FIPS 140-2 and why is it important?
The Federal Information Processing Standard 140-2 (FIPS 140-2) is an information technology security accreditation program for validating that the cryptographic modules produced by private sector companies meet well-defined security standards. FIPS 140-2 must be used when designing and implementing cryptographic modules used by federal departments and agencies.
Security and encryption options available for KIOXIA SSDs
Category | SSD Series | Sanitize Instant Erase (SIE) | Self Encrypting Drive (SED) | FIPS |
---|---|---|---|---|
Enterprise | PM6-WI PM6-MU PM6-RI | ✔ | ✔ | 140-2 in progress |
Enterprise | PM5-V PM5-M PM5-R | ✔ | ✔ | 140-2 Certification 3290 |
Enterprise | CM6-V CM6-R | ✔ | ✔ | 140-2 in progress |
Enterprise | CM5-V CM5-R | ✔ | ✔ | Capable |
Data Center | XD5 | ✔ | Capable | |
Data Center | CD6-V CD6-R | ✔ | ✔ | 140-2 in progress |
Client | XG6 XG6-P | ✔ | | |
Client | BG4 | ✔ | | |

In progress: Application has been submitted to NIST for processing and awaiting approval.
Capable: While the architecture is designed to pass the NIST process, an application has not been submitted.