WEBVTT

1
00:00:00.270 --> 00:00:01.260
In this lesson,

2
00:00:01.260 --> 00:00:04.440
we will learn about Self-Encrypting Drives.

3
00:00:04.440 --> 00:00:07.650
Self-Encrypting Drives are storage devices

4
00:00:07.650 --> 00:00:10.290
with built-in encryption capabilities

5
00:00:10.290 --> 00:00:13.770
that automatically encrypt and decrypt data

6
00:00:13.770 --> 00:00:17.520
as it is written to or read from the drive.

7
00:00:17.520 --> 00:00:19.560
Self-Encrypting Drives operate

8
00:00:19.560 --> 00:00:22.440
by using an onboard encryption engine

9
00:00:22.440 --> 00:00:26.010
to encrypt data transparently without requiring

10
00:00:26.010 --> 00:00:28.950
user interaction or additional software.

11
00:00:28.950 --> 00:00:32.220
Let's learn more about Self-Encrypting Drives.

12
00:00:32.220 --> 00:00:35.520
Self-Encrypting Drives are storage devices

13
00:00:35.520 --> 00:00:38.880
like Hard Disk Drives or Solid State Drives

14
00:00:38.880 --> 00:00:41.970
that have built in encryption capabilities.

15
00:00:41.970 --> 00:00:45.060
These drives automatically encrypt data

16
00:00:45.060 --> 00:00:47.130
as it is written to the drive,

17
00:00:47.130 --> 00:00:50.310
and they decrypt the data when it is read from the drive,

18
00:00:50.310 --> 00:00:53.400
all without the need for user intervention

19
00:00:53.400 --> 00:00:55.350
or additional software.

20
00:00:55.350 --> 00:00:59.490
Self-Encrypting Drives use an onboard encryption engine,

21
00:00:59.490 --> 00:01:01.590
which operates transparently,

22
00:01:01.590 --> 00:01:04.740
meaning that users will not notice any difference

23
00:01:04.740 --> 00:01:06.780
in how the drive functions.

24
00:01:06.780 --> 00:01:10.230
Additionally, the encryption keys are securely managed

25
00:01:10.230 --> 00:01:13.800
within the drive itself, never leaving the hardware,

26
00:01:13.800 --> 00:01:16.950
which protects the encryption keys from attacks,

27
00:01:16.950 --> 00:01:20.940
targeting the operating system or software vulnerabilities.

28
00:01:20.940 --> 00:01:24.270
Implementing Self-Encrypting Drives involves

29
00:01:24.270 --> 00:01:26.910
integrating encryption algorithms

30
00:01:26.910 --> 00:01:31.650
and secure key management directly into the drives hardware.

31
00:01:31.650 --> 00:01:34.230
This setup makes deployment simple

32
00:01:34.230 --> 00:01:36.600
as no additional configuration

33
00:01:36.600 --> 00:01:40.410
or software is required to enable the encryption.

34
00:01:40.410 --> 00:01:44.250
For example, when you use a self encrypting drive,

35
00:01:44.250 --> 00:01:47.970
your data is automatically protected without needing

36
00:01:47.970 --> 00:01:50.130
to install encryption software

37
00:01:50.130 --> 00:01:53.190
or manually managed encryption keys.

38
00:01:53.190 --> 00:01:57.060
The secure key management system built into the drive

39
00:01:57.060 --> 00:02:00.330
ensures that even if the computer's operating system

40
00:02:00.330 --> 00:02:03.420
is compromised, the encryption keys remain safe

41
00:02:03.420 --> 00:02:07.080
within the drive, as do the drives contents.

42
00:02:07.080 --> 00:02:11.400
The advantages of Self-Encrypting Drives are numerous.

43
00:02:11.400 --> 00:02:14.130
Self-Encrypting Drives are easy to use

44
00:02:14.130 --> 00:02:16.650
because encryption happens automatically

45
00:02:16.650 --> 00:02:18.660
without slowing down the system

46
00:02:18.660 --> 00:02:21.840
or requiring special knowledge from the user.

47
00:02:21.840 --> 00:02:24.570
Also, performance stays consistent

48
00:02:24.570 --> 00:02:27.480
because the drives hardware handles the encryption

49
00:02:27.480 --> 00:02:30.000
and decryption, not the computer's

50
00:02:30.000 --> 00:02:32.730
Central Processing Unit or CPU.

51
00:02:32.730 --> 00:02:35.910
This avoids the slowdowns often seen

52
00:02:35.910 --> 00:02:37.980
with software based encryption.

53
00:02:37.980 --> 00:02:41.850
Self-Encrypting Drives also provide strong protection

54
00:02:41.850 --> 00:02:43.500
against data breaches

55
00:02:43.500 --> 00:02:46.500
because the encryption keys are securely stored

56
00:02:46.500 --> 00:02:49.500
within the drive and are never exposed

57
00:02:49.500 --> 00:02:51.600
to the rest of the system,

58
00:02:51.600 --> 00:02:53.970
making it very hard for attackers

59
00:02:53.970 --> 00:02:56.220
to access the encrypted data.

60
00:02:56.220 --> 00:03:00.720
However, Self-Encrypting Drives do some drawbacks.

61
00:03:00.720 --> 00:03:03.150
Consumer-level Self-Encrypting Drives

62
00:03:03.150 --> 00:03:06.750
are usually affordable, but enterprise grade models

63
00:03:06.750 --> 00:03:09.150
that meet strict security standards

64
00:03:09.150 --> 00:03:12.300
like the Federal Information Processing Standard,

65
00:03:12.300 --> 00:03:16.800
or FIPS 140-2 and the Institute of Electrical

66
00:03:16.800 --> 00:03:18.330
and Electronics Engineers,

67
00:03:18.330 --> 00:03:23.310
or IEEE 1667, those can be much more expensive.

68
00:03:23.310 --> 00:03:25.560
However, these standards are important

69
00:03:25.560 --> 00:03:28.650
because they ensure the drives meet specific

70
00:03:28.650 --> 00:03:31.320
security requirements making them suitable

71
00:03:31.320 --> 00:03:33.750
for highly regulated environments,

72
00:03:33.750 --> 00:03:37.080
but this does come at a higher cost.

73
00:03:37.080 --> 00:03:40.860
Additionally, Self-Encrypting Drives can be hard to update

74
00:03:40.860 --> 00:03:43.920
or upgrade because they are hardware based.

75
00:03:43.920 --> 00:03:46.140
If new encryption standards are needed,

76
00:03:46.140 --> 00:03:49.950
the drive may need to be replaced rather than updated.

77
00:03:49.950 --> 00:03:54.950
So remember, Self-Encrypting Drives are storage devices

78
00:03:54.990 --> 00:03:58.800
with built-in encryption that automatically secures data

79
00:03:58.800 --> 00:04:02.220
as it is written to or read from that drive

80
00:04:02.220 --> 00:04:06.840
without requiring any user input or additional software.

81
00:04:06.840 --> 00:04:10.890
Self-Encrypting Drives use an onboard encryption engine

82
00:04:10.890 --> 00:04:12.780
that works transparently,

83
00:04:12.780 --> 00:04:15.450
so users do not notice any change

84
00:04:15.450 --> 00:04:17.190
in the drive's performance.

85
00:04:17.190 --> 00:04:20.820
The encryption keys are managed securely within the drive,

86
00:04:20.820 --> 00:04:22.620
keeping them safe from attacks

87
00:04:22.620 --> 00:04:24.960
targeting the operating system.

88
00:04:24.960 --> 00:04:28.380
Self-Encrypting Drives are also easy to deploy,

89
00:04:28.380 --> 00:04:30.480
maintain consistent performance,

90
00:04:30.480 --> 00:04:33.900
and offer strong protection against data breaches

91
00:04:33.900 --> 00:04:36.870
because the keys never leave the hardware.

92
00:04:36.870 --> 00:04:41.040
However, they can be expensive, especially enterprise models

93
00:04:41.040 --> 00:04:43.590
that meet strict security standards.

94
00:04:43.590 --> 00:04:47.010
Finally, as a hardware based security device,

95
00:04:47.010 --> 00:04:50.160
Self-Encrypting Drives may require replacement

96
00:04:50.160 --> 00:04:52.833
if new encryption standards are needed.