An Overview of Hardware Encryption
Se vuoi proteggere i tuoi dati e mantenerli sicuri, dovresti prendere in considerazione l’attivazione di una forma di crittografia sul tuo computer. Dopo che i dati sono crittografati, ti servirà una chiave segreta o password per decrittarli e avere accesso completo. Ci concentreremo qui sulla crittografia hardware, ma se tu volessi leggere di più su altri tipi di sicurezza, consulta il nostro articolo Differenti tipi di crittografia unità e sicurezza.
What is hardware encryption?
Hardware encryption means the encryption happens within the drive. An SSD that has encryption built into the hardware is more commonly referred to as a Self-Encrypting Drive (SED). The majority of Crucial® SSDs are SEDs.
How does the hardware encryption on Crucial SEDs work?
With an SED, the encryption is always on, meaning when data is written to the SED it is encrypted by the controller and then it is decrypted when read from the SED. The password security feature needs to be activated by encryption management software. If that is not done, there is nothing stopping a user from reading the data on the drive. In other words, the SED will generously decrypt all information for anyone who asks, unless security management software is installed to prevent that.
The easiest way to regard this is like a security system in a house. Until this is "armed" (through the use of a piece of third-party software for applying login credentials, for example) it is simply there but not actively protecting your data.
What are the advantages of hardware encryption?
SED technology provides verified and certified data security that offers nearly unbreakable pre-boot access protection for user data. Because the encryption is a part of the drive’s controller it provides pre-boot data protection. Running a software utility to try and break authentication codes is not a possibility since the encryption is active before any software has started to load. Another advantage of an encryption feature that is active at all times is that this makes it possible for the drive to meet the compliance requirements of government standards for data in banking, finance, medical, and government applications, by adhering to TCG Opal 2.0 specifications and IEEE-1667 access authentication protocols. Crucial SEDs also support the standard full disk encryption protocol through the ATA-8 security command feature set.
Also, because the encryption takes place on the SED and nowhere else, the encryption keys are stored in the controller itself and never leave the drive.
Hardware encryption vs software encryption?
The main advantage to using hardware encryption instead of software encryption on SSDs is that the hardware encryption feature is optimized with the rest of the drive. If a user applies software encryption to a storage drive this adds several extra steps to the process of writing to the drive, because the data needs to be encrypted by the encryption software while it is being written. That same data then needs to be decrypted by the software again when the user wants to access it, which slows down the read process. In other words, adding a layer of software encryption negatively impacts the performance of an SSD.
The hardware encryption of an SED however, is integrated into the controller, which means there is no impact on SSD performance either in the short term or in the long run. The read and write speeds are already taking encryption into account, because it already happens on every write cycle and decryption happens on every read cycle. The encryption is simply a part of the drive’s normal operation.
How to activate hardware encryption?
Tutto ciò di cui ha bisogno un utente per trarre vantaggio dalla capacità crittografica di un SED è un’utilità software che fornisca la gestione della chiave di crittografia per dispositivi SED. I SED Crucial sono in totale conformità allo standard Microsoft® eDrive, che fornisce una semplice sicurezza dei dati plug-and-play attraverso l’uso di Windows® BitLocker®. Dato che Windows BitLocker non ha bisogno di crittografare i dati prima di poter essere usato (è già stato fatto dal controller dell’SSD), non c’è ritardo o attesa per la crittografia. Dopo aver abilitato Windows BitLocker, il SED è istantaneamente pronto all’uso. Tutto ciò che devi fare è lasciar funzionare l’unità a crittografia automatica come ha sempre fatto, e godere della tranquillità e delle alte prestazioni di un’unità a crittografia basata su hardware.
Per attivare la crittografia hardware sulla tua unità, fai riferimento alla nostra guida qui.
©2019 Micron Technology, Inc. All rights reserved. Information, products, and/or specifications are subject to change without notice. Neither Crucial nor Micron Technology, Inc. is responsible for omissions or errors in typography or photography. Micron, the Micron logo, Crucial, and the Crucial logo are trademarks or registered trademarks of Micron Technology, Inc. Microsoft, Windows, and Bitlocker are trademarks of Microsoft Corporation in the U.S. and/or other countries. All other trademarks and service marks are the property of their respective owners.