Jan 13, 2012

How much of a security win for IT Departments is the Digisafe DiskCrypt shown at CES?

At CES, there was a company called ST Electronics exhibiting a hard disc enclosure for laptops that takes a firmware approach and uses passthrough encryption for data. The biggest apparent difference between this and a self-encrypted drive is that the DiskCrypt can be installed in laptops that are already in use, and drives can be swapped out with little effort. If the encrypted drive is removed from the enclosure it is essentially wiped. Obviously I haven't had the opportunity to actually try the product out, but it seems to me like a potential solution to one of those recurring security concerns: the unsecured laptop. Could this (or a similar device) be something that minimizes BYOD security problems for laptops?


I'm interested in getting my hands on DiskCrypt and giving it a look.  There are software based encryption solution like TrueCrypt that add a significant level of security and have the advantage of being free.  However, I prefer a hardware solution over a software solution for security most of the time.  DiskCrypt has the advantage, in theory, of turning 1.8" drives into fully encrypted removable storage.  It makes it much easier, again in theory, to switch encrypted drives from machine to machine.  But the primary appeal to me is that DiskCrypt will be sitting there on careless employees' laptops and automatically keeping their data more secure whether they like it or not.  If this is not overly expensive hardware, it sounds worthy of further exploration.

Well, it could certainly be a help though I'm not sure if it's any kind of panacea for the problem. I'd probably consider it as one tool in wider arsenal for IT departments.

Here's a link to the FAQ that has some helpful information on the product for those who are interested.


"What is DiskCrypt?
DigiSAFE DiskCrypt is a 2.5” storage encryption hard disk, designed to be used in notebooks. It allows the user to install any 1.8” micro-SATA hard disk and contains a hardware-based cryptographic module that encrypts all data written into this disk to provide Full Disk Encryption (FDE). DiskCrypt encrypts every single sector transparently in hardware without any loss in disk performance.

What is the advantage of using DiskCrypt over encryption software to protect data?

Unlike existing software solutions, DiskCrypt encrypts every single sector of the hard disk. This means all temporary files, all partitions and even the boot sector is encrypted

One major disadvantage of existing software disk encryption products is that they are Operating System (mostly Windows) dependent. DiskCrypt, on the other hand, presents to the host just like a normal drive after authentication, and is independent of the OS installed.

DiskCrypt is a drop-in and easy-to-install replacement for standard 2.5” notebook hard disk drive and does not involve any tedious and error-prone software installation and configuration. Just plug DiskCrypt in the notebook, authenticate yourself and you are ready to go.

Once installed, DiskCrypt does not require any maintenance or patches thus reducing the total cost of ownership of the product. There are also no performance overheads due to transparent real-time hardware encryption/decryption of data, unlike software-based solutions."
Answer this