Category Archives: Secure Storage

Encryption, Key Management, and ISO/IEC 27040

SNIA has recently published a paper that I worked on with Eric Hibbard of Hitachi Data Systems and the SNIA Security Technical Work Group. This paper provides some insights into the requirements of ISO/IEC 27040 Information technology — Security techniques — Storage Security.

The paper is entitled Storage Security: Encryption and Key Management:

Abstract: The ISO/IEC 27040:2015 (Information technology – Security techniques – Storage security) standard provides detailed technical guidance on controls and methods for securing storage systems and ecosystems. This whitepaper describes the recommended guidelines for data confidentiality, including data in motion encryption, data at rest encryption, and key management. The practical implications of these recommendations are discussed from both an end user and storage vendor perspective.

2015 Self-Encrypting Drive Market and Technology Report

Tom Coughlin (Coughlin Associates) and I have been working on a report on SED drives in the marketplace. Here’s the release:

2015 Self-Encrypting Drive Market and Technology Report Released

Analysis and Projections for SED HDDs and SSDs

San Jose, CA—April 14, 2015—A newly released report from Coughlin Associates on the self-encrypting drive market, the 2015 Self-Encrypting Drive Market and Technology Report, provides 38 pages of in-depth analysis of factors preventing and promoting growth of self-encrypting HDDs and SSDs. Projections out to 2019 for SED capable and SED enabled hard disk drives and solid state drives show expected growth of these products and their applications.

The major conclusions from this report are:

  • By 2017 we project that 100% of all HDDs shipped will be SED capable, driven by implementation of this capability into commercial HDD controllers.
  • By 2018 about 11% of all HDDs shipping units will shift to SED enabled or promoted products, driven by security adoption demand.
  • By 2018 the high, median and low estimates for SED enabled adoption for HDDs are 85 M, 70 M and 54 M units.
  • By 2014 almost all SSDs were SED capable and by 2015 they all have this capability.
  • Although actual SSD SED feature implementation in 2018 is 100% in about 236 M SSDs, the projected actual SSDs from that year intended for security and data protection purposes is estimated at less than 24 M units.

Various factors behind the slow market adoption of the technology in its early history:

  • slow corporate IT spending due to uncertainty and tight IT budgets in the last few years,
  • lack of knowledge about the difference between HW based encrypted SEDs and SW encrypted solutions,
  • lack of training of OEMs and integrators on the use and advantages of SEDs, which limits their growth,
  • legal issues limiting the use of encrypted drives in some countries,
  • a limited initial market mainly driven by government mandates,
  • until recently, a lack of common standards and a continuing lack of product certification,
  • lack of secure auditing facilities, and
  • concerns about data availability, largely due to key management issues and operating system support.

Various factors that favor the continued growth of SEDs:

  • cost parity of SEDs to non-self-encrypting storage devices will make it easier to get these products adopted universally,
  • with SEDs there is no discernable encryption time like there is with SW encryption,
  • SEDs don’t have the performance overhead that SW encryption running on the host has, leading to better overall system performance,
  • SEDs may have a somewhat longer useful life than drives used in a software encrypted system, due to increased reads and writes with SW encryption,
  • because the encryption key is stored on the storage device, it cannot be accessed through host hacking, as the key can with SW encryption,
  • SEDs are less complex to implement in storage array encryption solutions,
  • government mandates and regulations are increasing the requirements for privacy and favor the use of SEDs, particularly those with FIPS 140 certification,
  • secure erase reduces re-provisioning and end of life costs, and is the only effective way to make data on an SSD inaccessible.

Purchase of the report and the accompanying PowerPoint presentation with report figures and tables provides the most definitive information on the self-encrypting HDD and SSD markets and technology.

The 2015 Self-Encrypting Drive Market and Technology Report is now available from Coughlin Associates. To get a copy send a completed order form in the report brochure at or call us at 408-978-8184 or email us at