TCG Opal AES‑256 IEEE 1667 Bitlocker Data sanitization
Self-encrypting drive (SED)
Get serious about security
The current era of rugged edge computing and the Internet of Things (IoT) brings incredible opportunity for innovation. However, the inherent security challenges in edge computing environments risks stifling innovation. That is why Exascend’s self-encrypting drive (SED) solutions present a unique opportunity to double-down on edge innovation without jeopardizing data security.
Better yet, SEDs’ negligible impact on system performance means that encryption and data security no longer come with any notable tradeoffs. On the contrary, with self-encrypted drives, the time for data security is now – even in applications with limited risk profiles.
With impenetrable AES-256 encryption, powerful protocols like TCG Opal 2.0 and intelligent features such as user-specific locking ranges, SEDs make it easy to get serious about security.
SED benefits
Perfect for the edge
Edge and IoT devices are uniquely exposed to external security threats. Exascend’s secure SSDs ensure that data is safe even in the event of device theft.
Made for any environment
TCG Opal 2.0 enables compatibility across devices and operating systems, guaranteeing that fortified security is possible in any system and operating environment.
Unbeatable security
The combination of the impenetrable AES cipher and hardware encryption provides data security invulnerable to software and operating system-level breaches.
Blazing-fast performance
Hardware encryption ensures that the task of encrypting and decrypting data is left to the storage device instead of wasting valuable system resources.
Understand SEDs
Full disk encryption (FDE)
With full disk encryption, also known as whole disk encryption, all data stored inside the storage device is encrypted. That means that if the storage device gets in the wrong hands, none of the data can be accessed by the perpetrator.
FDE benefits
- Negligible impact on system performance with hardware-based implementations.
- Encryption is not limited to specific partitions, folders or files.
Self-encrypting drive (SED)
A common implementation of full disk encryption is SED. Self-encrypting drives achieve full disk encryption by leveraging purpose-designed storage devices that implement encryption on the hardware level. With SEDs, the storage device automatically encrypts data before storing it on the device, thus leaving no data unencrypted.
SED benefits
- Negligible impact on system performance as the storage device handles encryption/decryption with an integrated encryption engine – not the host device.
- Many different implementations available, allowing a high degree of flexibility.
AES-256 (256-bit AES encryption)
AES-256, or 256-bit Advanced Encryption Standard (AES) encryption, provides virtually unbreakable encryption with, at most, only a negligible impact on storage performance. In applications where the storage device getting in the wrong hands is even a remote possibility, AES-256 is an excellent choice for guaranteeing that data remains completely indecipherable even faced with the most competent and dedicated type of culprit.
Exascend’s implementation of AES-256 leverages a dedicated crypto processor inside the flash storage device, allowing encryption and decryption of data stored on the device to take place independently of the host. The result is a software-independent military-grade encryption that you can trust with both data and not slowing down your system.
AES-256 benefits
- Utilizes an uncrackable 256-bit cipher, also known as the Rijndael cipher.
- Approved by the United States for the highest level of classified information, i.e., Top Secret.
- Well-supported industry standard used across a wide range of product categories and industries.
TCG Opal 2.0
TCG Opal 2.0 is a set of specifications for SEDs established by the Trusted Computing Group (TCG), a consortium of leading technology companies. Compliance with the TCG Opal 2.0 specifications protects user data from unauthorized access and guarantees industry-wide device interoperability.
Exascend’s compliance with the TCG Opal 2.0 specifications means that our self-encrypting drives protect user data from unauthorized access with features such as hardware encryption and LBA-based read/write permissions.
TCG Opal 2.0-compliance also guarantees industry-wide device interoperability, making it a platform-agnostic way to implement the secure features that a self-encrypting drive brings to users and applications.
TCG Opal benefits
- Provides innovative features such as user-specific locking ranges, making it easy to subdivide device data on a per-user basis.
- Enables near-instant cryptographic erase that works by destroying the Media Encryption Key (MEK).
- Well-supported industry standard used across a wide range of product categories and industries.
IEEE 1667
Universal standard for the authentication of storage devices maintained by the Institute of Electrical and Electronics Engineers (IEEE) and supported by Exascend SEDs.
IEEE 1667 benefits
- Operating system-independent standard.
BitLocker
Data protection feature developed by Microsoft and supported by Exascend SEDs that provides full-disk encryption for storage devices used with Windows operating systems.
BitLocker benefits
- Seamlessly integrated into Windows operating systems.
- Continuously updated and maintained by Microsoft.
Data sanitization options
Crypto erase
The near-instant crypto erase protocol is only available on SEDs and works by simply replacing the key that encrypts/decrypts all data stored inside the device. Without the original key, the data is scrambled beyond even a theoretical chance at recovery.
Fast erase
Fast erase quickly sanitizes data by only overwriting the storage device’s mapping table. While the encrypted data still technically resides on the device, without the mapping table, the system has no way of recovering it.
Normal erase
The normal erase protocol thoroughly sanitizes data by overwriting the storage device’s mapping table and data, removing all original data. Unlike the two other options, data is not only rendered irrecoverable – it is no longer on the device.
How SEDs work
- Upon boot, the system accesses the virtual master boot record (MBR) where the user has to enter their password.
- Once the correct password has been entered, the real MBR decrypts the media encryption key (MEK) with the now-unlocked key encryption key (KEK).
- The MEK is used to encrypt and decrypt data stored on the SSD, allowing seamless data read/write.
- As soon as the system loses power, re-authentication is required to access the AES-encrypted data.
Applications that use SEDs
Industrial
Tackle challenging industrial environments that require only the best.
Mission critical
Succeed in tough applications where failure is never an option.
Enterprise
Excel under enterprise-level workloads day after day.
Transportation
Thrive in demanding applications that are always on the move.
Telecommunications
Upgrade your infrastructure and enable the next generation of connectivity.
Edge computing
Build the world of tomorrow with cutting-edge computing everywhere.
Our SED solutions
PI3 series
The PI3 series brings together Exascend’s industrial expertise with the high-speed PCIe 3.0 interface and high-density 3D TLC – resulting in a highly competent lineup of industrial-grade storage.
Interface
Flash
Design
Up to
Sustained read
Up to
Sustained write
PE3 series
The PE3 series brings high-level performance to enterprise applications without compromising on stability. Available in a wide variety of configurations and storage capacities, the PE3 series fits any demanding enterprise application.
Interface
Design
Up to
Storage capacity
Up to
Sustained read
Up to
Sustained write
SI3 series
The SI3 series is a high-end product line featuring industrial-grade SATA-III storage devices available in the M.2 and 2.5″ form factors.
Interface
Design
Flash
Up to
Sustained read
Up to
Sustained write
SE3 series
The SE3 series is an advanced SATA-III product line that comes in a wide variety of configurations to satisfy any enterprise application’s storage needs.
Interface
Design
Up to
TBW
Up to
Sustained read
Up to
Sustained write
