The move to develop a common encryption standard for use on hard drives has been welcomed.

 

Vernon Poole, CISM head of business consultancy for Sapphire and member of ISACA's information security management committee, claimed that the move was ‘extremely positive'.

 

Poole said: “These three specifications come together to form a security framework that the data storage industry can use on their drives, and so allow notebook, as well as desktop, PC users to encrypt their data on-the- fly as it is written to the drive.

 

"The fact that the industry has developed these specifications under the auspices of the Trusted Computing Group, is extremely positive for all aspects of the IT security industry, since it will allow companies to upgrade their computers and have a baseline on which to build an enforceable set of IT security policies.”

 

The standards are categorised as the Opal Security Subsystem Class Specification for PC clients, the Enterprise Security Subsystem Class Specification for data centre storage and the Storage Interface Interactions Specification that focuses on the interactions between these storage devices and underlying SCSI/ATA protocols.

 

Referring to research from the Privacy Rights Clearinghouse, Poole claimed that in recent years, more than 252 million records containing sensitive data have been compromised due to security breaches in the US alone.

 

He said: “The use of encrypted hard drives would have greatly reduced this figure. As data is required, it can be decrypted directly into the computer's memory, so lessening the risk that the data will fall into the wrong hands.”