Different types of drive encryption and security

by Crucial Employee on ‎02-14-2017 10:16 AM - edited on ‎05-18-2017 04:22 PM by Community Manager Community Manager (877 Views)

There are quite a few options for securing and encrypting the data on your SSD, which can make it difficult to decide which is best for you. Generally, we can break down these types of security into three forms: software encryption, hardware encryption, and ATA security. Each one has varying degrees of security and can even affect system performance. Here’s what you should know about the three types of drive encryption and security.

 

Software encryption

 

The simplest and most widely available form of data security is software encryption. Software encryption uses a program to encrypt and decrypt the data as it is being written to and read from your SSD. In order to do all this encryption work, your CPU must spend a portion of its power to constantly compute any new information. This slows your system down in several ways, so if performance is important to you, software encryption should be avoided. In regards to SSDs, software encryption can significantly shorten the write life expectancy of the drive since it constantly has to erase and write new data to the SSD. If you were to forget the password to a software-encrypted drive, you can simply erase the drive, then create new partitions on the device.

  Pros

  • Compatible with virtually all storage devices
  • Can selectively encrypt certain folders or partitions
  • Lots of options to choose from 

  Cons

  • Decreases system performance
  • Adds significant wear to SSDs
  • Potentially less secure than other forms of security
  • Takes a long time to encrypt and decrypt data

 

Hardware encryption

 

Some drives come with built-in controllers that allow you to enable hardware encryption. Unlike software encryption, hardware encryption uses a controller built into the drive to do all the hard work. This frees the CPU from having to compute the information, which means you’ll get the most performance possible out of your drive.

 

You’ll need to make sure you have a computer that has a built-in controller that supports hardware encryption. Crucial® MX-series SSDs come with a 256-bit AES encryption controller, which allows you take advantage of full hardware disk encryption, and is sometimes referred to as a SED (Self-Encrypting Drive). Check out our extensive knowledge base to learn more about hardware encryption requirements with Crucial SSDs and how to set it up, see how self-encrypting SSDs enhance data security and protect your organization, or get an even more in-depth look at how hardware encryption works in our drives.

 

Hardware encryption has many security benefits because the controllers and encryption standards are so robust – it is practically impossible for someone to recover data from a drive that is locked without the encryption key. Other cool benefits are the ability to encrypt or decrypt a drive in just a few clicks. While software encryption could potentially take many hours to complete encrypting, hardware encryption utilities like Microsoft® BitLocker let you turn encryption on or off in less than a minute.

 

Like with software encryption, you need to find a program to manage hardware encryption (such as BitLocker or McAfee® Endpoint). If you forget a hardware encryption password, you can use the PSID revert tool in the Crucial® Storage Executive tool to reset the drive.

 

  Pros

  • Extremely secure
  • No loss of performance
  • Simple and quick to enable or disable

  Cons

  • Only select setups will support it

 

ATA security

 

The final form of drive security uses a set of commands under Serial ATA standards to lock a drive with a password. Unlike with hardware encryption, the data on the drive itself isn’t actually encrypted but the controller used to access the information on the drive is locked. ATA security doesn’t necessarily require software to be enabled, but ways to enable it will vary from system to system. If you somehow enabled ATA security on a drive and forget the password, you will be unable to create any new partitions on the device. There are third-party options to remove ATA security locks on a drive, but it is best to never mess with settings unless you know what you are doing – you could essentially make the drive useless if you mess it up. Since there are ways to remove ATA locks, this is less of a secure method for protecting data than it is a deterrence to unauthorized access.

 

  Pros

  • Relatively easy to setup
  • No additional software required
  • No loss in performance

  Cons

  • Not a secure way to protect your data
  • No simple way to unlock a drive if the password is forgotten