Within the next 12 months, EDT plans to develop a means to remotely trigger the erasure of data on flash drives, according to Philip Bracco, president and CEO of EDT. There are already similar products on the market, such as a drive from Kingston Technology Co. that erases the data inside the drive after 25 failed login attempts. But the key to the EDT product, he said, will be that the user can trigger the self-destruction and do so instantaneously.
"We believe the best way to ensure that data is end-of-lifed is for it to be dealt with immediately," Bracco said.
"I think there'd be a tremendous market for [EDT's device], as we're seeing the progression of devices, like cell phones, becoming storage devices for enterprise data," said John Webster, principal IT advisor for Illuminata Inc. "The ability to protect that data is going to be critical."
Users also like the idea. "There are lots of products I manage that I'd love to have with me at all times because my cell phone can [open] a telnet [or] SSH [session], and I have an Air Card from Verizon so I can log in wherever, whenever the problem [arises]," said Tory Skyers, network administrator for Fox & Roach Realtors, a division of Prudential Real Estate Affiliates Inc. "But if I lose said device and someone can access it, I will be putting my clients at risk."
Skyers said he can envision using a mobile device to manage his storage area network (SAN) remotely using a laptop, if he could keep the SAN management software and VPN client separate from the laptop on the flash device for an extra layer of security. Keeping all the necessary tools on one device "would be like locking your door with a double key lock and then leaving one key in the lock and the other under the mat," he said. "It doesn't make much sense to be all secure with all your stuff in the same place."
That said, Skyers also pointed out that the world of data security is one of endless paranoia. "They better hope their self-destruct code is hacker-proof," he said. "Some people, like me, also use flash as a backup because it's nonvolatile and fairly sturdy."
Digital Shredder erases SATA drives
EDT claims it has overcome such user resistance before. Its Digital Shredder appliance, in production at several government agencies with classified data, has the ability to erase SATA drives in a similar manner. The Digital Shredder looks like a regular PC, but drives inserted in its drive bay are wiped clean using a little-known piece of code hidden in the ATA specification.
According to Jack Thoren, senior vice president of strategic development for EDT, a portion of the ATA specification that applies to both PATA and SATA drives, known as the Secure Erase Protocol, initiates a self-destruction sequence on the disk that cannot be cancelled once it's started. But the protocol, he said, was never fully developed and has been left out of most ATA drive designs, because it was seen as easy prey for hackers.
EDT has used the neglected protocol to build its business, selling its Digital Shredder to government agencies and large financial companies. These customers can bring the portable device to secure computer rooms to destroy decommissioned hardware on the spot, instead of requiring third-party digital shredding services or potentially dangerous large degaussing or mechanical shredding machines.
Now that the market has entered the era of compliance regulations and e-discovery, it's become important to find efficient ways of destroying data, rather than just preserving it. But "the solution for decommissioning hardware was sitting right in front of everyone for years, right in the firmware," Bracco said.