TCG Opal AES‑256 IEEE 1667 Bitlocker Data sanitization

Self-encrypting drive (SED)

Get serious about security

The current era of rugged edge computing and the Internet of Things (IoT) brings incredible opportunity for innovation. However, the inherent security challenges in edge computing environments risks stifling innovation. That is why Exascend’s self-encrypting drive (SED) solutions present a unique opportunity to double-down on edge innovation without jeopardizing data security.

Better yet, SEDs’ negligible impact on system performance means that encryption and data security no longer come with any notable tradeoffs. On the contrary, with self-encrypted drives, the time for data security is now – even in applications with limited risk profiles.

With impenetrable AES-256 encryption, powerful protocols like TCG Opal 2.0 and intelligent features such as user-specific locking ranges, SEDs make it easy to get serious about security.

SED benefits

Icon illustrating edge computing for SEDs

Perfect for the edge

Edge and IoT devices are uniquely exposed to external security threats. Exascend’s secure SSDs ensure that data is safe even in the event of device theft.

Icon illustrating a high level of interoperability for SEDs

Made for any environment

TCG Opal 2.0 enables compatibility across devices and operating systems, guaranteeing that fortified security is possible in any system and operating environment.

Icon illustrating security for SEDs

Unbeatable security

The combination of the impenetrable AES cipher and hardware encryption provides data security invulnerable to software and operating system-level breaches.

Icon illustrating high-performance SEDs

Blazing-fast performance

Hardware encryption ensures that the task of encrypting and decrypting data is left to the storage device instead of wasting valuable system resources.

Understand SEDs

Abstract image representing full disk encryption (FDE) with Exascend's SED SSDs

Full disk encryption (FDE)

With full disk encryption, also known as whole disk encryption, all data stored inside the storage device is encrypted. That means that if the storage device gets in the wrong hands, none of the data can be accessed by the perpetrator. 

FDE benefits

  • Negligible impact on system performance with hardware-based implementations.
  • Encryption is not limited to specific partitions, folders or files.
Abstract image representing Exascend's self-encrypting drives (SEDs)

Self-encrypting drive (SED)

A common implementation of full disk encryption is SED. Self-encrypting drives achieve full disk encryption by leveraging purpose-designed storage devices that implement encryption on the hardware level. With SEDs, the storage device automatically encrypts data before storing it on the device, thus leaving no data unencrypted.

SED benefits

  • Negligible impact on system performance as the storage device handles encryption/decryption with an integrated encryption engine – not the host device.
  • Many different implementations available, allowing a high degree of flexibility.
Image illustrating a secure system with a padlock embedded on an integrated circuit.

AES-256 (256-bit AES encryption)

AES-256, or 256-bit Advanced Encryption Standard (AES) encryption, provides virtually unbreakable encryption with, at most, only a negligible impact on storage performance. In applications where the storage device getting in the wrong hands is even a remote possibility, AES-256 is an excellent choice for guaranteeing that data remains completely indecipherable even faced with the most competent and dedicated type of culprit.

Exascend’s implementation of AES-256 leverages a dedicated crypto processor inside the flash storage device, allowing encryption and decryption of data stored on the device to take place independently of the host. The result is a software-independent military-grade encryption that you can trust with both data and not slowing down your system.

AES-256 benefits

  • Utilizes an uncrackable 256-bit cipher, also known as the Rijndael cipher.
  • Approved by the United States for the highest level of classified information, i.e., Top Secret.
  • Well-supported industry standard used across a wide range of product categories and industries.
Abstract image depicting a digital key representing TCG Opal 2.0-compliant SED SSDs from Exascend

TCG Opal 2.0

TCG Opal 2.0 is a set of specifications for SEDs established by the Trusted Computing Group (TCG), a consortium of leading technology companies. Compliance with the TCG Opal 2.0 specifications protects user data from unauthorized access and guarantees industry-wide device interoperability.

Exascend’s compliance with the TCG Opal 2.0 specifications means that our self-encrypting drives protect user data from unauthorized access with features such as hardware encryption and LBA-based read/write permissions.

TCG Opal 2.0-compliance also guarantees industry-wide device interoperability, making it a platform-agnostic way to implement the secure features that a self-encrypting drive brings to users and applications.

TCG Opal benefits

  • Provides innovative features such as user-specific locking ranges, making it easy to subdivide device data on a per-user basis.
  • Enables near-instant cryptographic erase that works by destroying the Media Encryption Key (MEK).
  • Well-supported industry standard used across a wide range of product categories and industries.
Image illustrating the concept of device authentication in Exascend SEDs

IEEE 1667

Universal standard for the authentication of storage devices maintained by the Institute of Electrical and Electronics Engineers (IEEE) and supported by Exascend SEDs.

IEEE 1667 benefits

  • Operating system-independent standard.
Abstract image depicting a digital shield representing Microsoft Bitlocker-compliant SED SSDs from Exascend

BitLocker

Data protection feature developed by Microsoft and supported by Exascend SEDs that provides full-disk encryption for storage devices used with Windows operating systems.

BitLocker benefits

  • Seamlessly integrated into Windows operating systems.
  • Continuously updated and maintained by Microsoft.
Looking for a customized SED solution?

Data sanitization options

Crypto erase

The near-instant crypto erase protocol is only available on SEDs and works by simply replacing the key that encrypts/decrypts all data stored inside the device. Without the original key, the data is scrambled beyond even a theoretical chance at recovery.

Fast erase

Fast erase quickly sanitizes data by only overwriting the storage device’s mapping table. While the encrypted data still technically resides on the device, without the mapping table, the system has no way of recovering it. 

Normal erase

The normal erase protocol thoroughly sanitizes data by overwriting the storage device’s mapping table and data, removing all original data. Unlike the two other options, data is not only rendered irrecoverable – it is no longer on the device.

How SEDs work

(Example using an Exascend SED with TCG Opal 2.0)
Flowchart image that displays how an Exascend SED works
  1. Upon boot, the system accesses the virtual master boot record (MBR) where the user has to enter their password.
  2. Once the correct password has been entered, the real MBR decrypts the media encryption key (MEK) with the now-unlocked key encryption key (KEK).
  3. The MEK is used to encrypt and decrypt data stored on the SSD, allowing seamless data read/write.
  4. As soon as the system loses power, re-authentication is required to access the AES-encrypted data.

Applications that use SEDs

Industrial

Tackle challenging industrial environments that require only the best.

Mission critical

Succeed in tough applications where failure is never an option.

Enterprise

Excel under enterprise-level workloads day after day.

Transportation

Thrive in demanding applications that are always on the move.

Telecommunications

Upgrade your infrastructure and enable the next generation of connectivity.

Edge computing

Build the world of tomorrow with cutting-edge computing everywhere.

Our SED solutions

PI3 series

The PI3 series brings together Exascend’s industrial expertise with the high-speed PCIe 3.0 interface and high-density 3D TLC – resulting in a highly competent lineup of industrial-grade storage.

PCIe 3.0

Interface

3D TLC

Flash

Industrial-grade

Design

Up to

3,100MB/s

Sustained read

Up to

1,600MB/s

Sustained write

Exascend SATA SSD SI3 series for industrial applications

PE3 series

The PE3 series brings high-level performance to enterprise applications without compromising on stability. Available in a wide variety of configurations and storage capacities, the PE3 series fits any demanding enterprise application.

PCIe 3.0

Interface

Enterprise-grade

Design

Up to

7,680GB

Storage capacity

Up to

3,200MB/s

Sustained read

Up to

2,000MB/s

Sustained write

SI3 series

The SI3 series is a high-end product line featuring industrial-grade SATA-III storage devices available in the M.2 and 2.5″ form factors.

SATA-III

Interface

Industrial-grade

Design

3D TLC

Flash

Up to

550MB/s

Sustained read

Up to

535MB/s

Sustained write

SE3 series

The SE3 series is an advanced SATA-III product line that comes in a wide variety of configurations to satisfy any enterprise application’s storage needs.

SATA-III

Interface

Enterprise-grade

Design

Up to

8,000

TBW

Up to

550MB/s

Sustained read

Up to

535MB/s

Sustained write

Or are you looking for a customized SED solution?
Scroll to Top

There's no time like the present.

Send us an inquiry

Exascend Newsletter

Subscribe to our newsletter to receive updates about products, services, events and resources you may find of interest.

Download whitepaper