SecureDoc

Enterprise Disk & Data Encryption

Self-Encrypting Drives (SED)

SecureDoc Enterprise Server (SES) is capable of managing Self Encrypting Drives (SEDs) making it easier for organizations to deploy and manage. With an SED encryption is always on, the key never leaves the drive and authentication is done independent of the operating system.

What Is an SED?

The abbreviation “SED” stands for “self-encrypting drive.” An SED is a hard disk drive (HDD) or solid state drive (SSD) with an encryption circuit built into the drive. It transparently encrypts all data written to the media and, when unlocked, transparently decrypts all data read from the media.

In an SED, the encryption keys themselves never leave the confines of the SED hardware and therefore are safe from OS level attacks. 

Why is Software-based Encryption Key Management needed to manage SEDs?

Encryption of any form doesn’t provide confidentiality without authentication and management of it. That is why its important to have a solution in place that can provide more robust authentication of devices and ensure that your data is safe from harm.

WinMagic provides application-aware intelligent key management for everything encryption with robust, manageable, and easy-to-use data security solutions. WinMagic provides organizations control over their data security environment through its SecureDoc Enterprise Server (SES), ensuring maximum security and transparency in the regular work flow. 

How Does an SED Work?

An SED works by utilizing a unique and random data encryption key (DEK). A DEK is a data encryption key that transforms data to and from an unbreakable code. An encryption engine creates DEKs.

Whenever you write data to the drive (e.g. create a file and save it to the hard drive), it gets encrypted with the DEK. And whenever you read data from the drive (e.g. access a file stored on the SED), it’s decrypted with the same DEK.  An SED is manufactured to be that way - it starts encrypting the moment it comes off of the assembly line.

As a result, the data on an SED is encrypted at all times. All of the encryption and decryption takes place within the drive, not within the computer’s memory or processor. If someone hacks the computer, the criminal doesn’t have access to the DEK

What Are the Benefits of an SED?

If you’ve been thinking about purchasing a self-encrypting drive (SED), but haven’t yet made the decision, SEDs offer a number of benefits that you should consider.

To start, SEDs have a negligible impact on performance speed – you most likely won’t even notice it. The encryption software is completely integrated, so there’s no need for other system components to step in and perform any heavy lifting.

Second, SEDs are one of the strongest security tools money can buy. They’re independent of the operating system, so even if a hacker attacks a computer, it is nearly impossible to access the SED (and the encryption keys stored therein) when the computer is turned off.

Third, using an SED is simple… once paired with a 3rd party Encryption Key Management software.  The software optimizes the SED’s decryption and encryption functions, and the key management, so you don’t need to worry about anything.

Finally, SEDs are inexpensive to deploy and maintain. SEDs encrypt the moment they come off the assembly line. Management software does the rest, ensuring that SEDs do their job without the need for human intervention. That saves time and money.

SED on-board technology to encrypt data

Organizations worldwide are increasingly securing confidential information on self-encrypting drives (SED’s), recognizing that this approach simplifies the deployment of security for data at rest.

As storage and security continue to converge, solutions like SED’s are leading the way by providing organizations with the strong, easy-to-use security they need to protect their data assets. SEDs drives are fast becoming the standard for enterprise customers who want a level of security built right into their devices. SED’s have their own on-board technology to encrypt data written to the drive many of which support the Opal specification of the Trusted Computing Group’s Storage Working Group.

Learn more

Adds authentication capability

Central control & administration

 

Supports heterogeneous environment with both hardware and software encryption

Extends protection beyond the encrypted drive including removable media encryption

 

Audit trails and activity monitoring

High performance hardware encryption

How Self-Encrypting Drives work

SecureDoc Enterprise Server (SES) collects encryption key information from the self-encrypted drive and provides the same central control, escrow and protection that is used for software-encrypted drives. Hardware encryption support is available with SecureDoc client installations on Windows, Mac and Linux OS platforms and the majority of Opal compliant SED’s are currently supported.

SecureDoc supports a heterogeneous environment, allowing you to deploy a mix of encryption formats. You can leverage self-encrypting hard drives on some machines while using SecureDoc’s software encryption to protect ‘legacy’ and other machines until hardware refresh is completed.
SecureDoc makes it possible to derive immediate benefits from hardware encryption while ensuring compliance with legislation and regulation by also protecting legacy machines – all managed within the same solution. WinMagic continues to lead the way to the next generation in full-disk encryption innovation.
Ponemon Study

Ponemon Study. Find out how:

  • Self-Encryption Drives (SEDs) can offer significant savings by reducing lost end-user productivity
  • Shocking per-user/per-year savings of SEDs compared to Software-based encryption
  • Regardless of the encryption method used, the benefits of encrypting data outweigh the total cost of ownership by a factor of 4 to 20x
  • ...And more!

Download your copy


For organizations that have a need to deploy Linux SecureDoc takes an Operating System (OS) neutral approach to managing these systems through the use of SEDs.

SecureDoc OSA (Operating System Agnostic) allows SecureDoc users to encrypt their hard drive without needing to install any software in the OS. Using OPAL SEDs, installation is performed at pre-boot which eliminates the need to create an OS-specific installation package. This is ideal for organizations that want to be able to run Linux in their environment and still be able to manage and audit the security of systems.

SecureDoc OSA (Operating System Agnostic)
WinMagic TCG SED Compatibility Certification Program

WinMagic TCG SED Compatibility Certification Program

The WinMagic TCG SED Compatibility Certification Program offers SED manufacturers the ability to leverage WinMagic expertise to test, validate and certify Opal specification implementations for compatibility with WinMagic software. Learn more

View supported drivesview certified partners

Learn more about self-encrypting drives from our blog