Understand encryption and security types to make sure your important data is safe.
Three key areas of data protection are outlined below.
Ensure data on the drive is securely encrypted
We offer drives with and without hardware-based encryption. Drives with encryption use AES-256 to encrypt user data at rest.
Configure the drive to only allow access to authenticated users
We offer drives with industry-standard access control methods, including ATA Security Feature Set and various TCG SSCs (subsystem classes).
Securely erase the data when decommissioning the drive
All drives offer sanitize features that when operated correctly are consistent with the “Purge” function described by the NIST SP 800-88 guidelines for media sanitization.
Learn about the four main security types we offer, and discover which may be best for you.
|Security Type||User Data Encrypted At Rest||Data Access Control||Preferred NIST Purge- Compliant Erase||External Certification of Security Protocol|
|Secure Erase (SE) ⓘ
|—||ATA Security (SATA only)||Sanitize Overwrite (HDD)
Sanitize Block Erase (SSD)
|Instant Secure Erase (ISE) ⓘ
|✔||ATA Security (SATA only)||All of the above, plus Crypto Erase||—|
|Trusted Computing Group (TCG) ⓘ
|✔||TCG-SSC||All of the above, plus Revert||—|
|✔||TCG-SSC||All of the above||✔ FIPS 140-2 Certification by NIST-approved labs1|
SE drives are offered without user-data encryption, and access control can be provided on SATA drives only. Drive sanitization is performed using standard ATA Security Erase, SCSI Sanitize, or NVMe™ Sanitize commands, and incorporate the Overwrite (HDD) or Block Erase (SSD) methods.
ISE drives support all sanitization methods as SE drives. In addition, ISE drives have data encrypted at rest, and access control can be provided on SATA drives only. During the sanitization step, drives can be sanitized using ATA, SCSI, or NVMe standard commands but with an instant cryptographic erasure rather than requiring that the drives be overwritten or go through a block erase process.
TCG drives have data encrypted at rest. Access control is handled through TCG-SSC protocols, being TCG Enterprise, TCG Opal, or TCG Ruby depending on the drive model. TCG drives support all sanitization methods as ISE drives. Additionally, TCG drives support the Revert command, which not only sanitizes the drive but returns its TCG state to the factory default.
TCG-FIPS drives are identical to TCG, but are additionally validated by a NIST-approved laboratory to meet the Federal Information Processing Standard (FIPS). Drives with TCG-FIPS security may also use tamper-evident features to comply with Level 2 security requirements.
1. FIPS 140-3 in progress on certain products.
References to certain features or services do not imply that they will be made available in all countries or an all products.