Recently, I learned that Western Digital has decided to only partially implement the ATA Secure Erase featureset for initial price points for some storage products.
https://www.westerndigital.com/en-us/solutions/data-security/data-protection
Specifically, they are withholding the near-instantaneous "Crypto Erase" option (encrypt the entire drive with a strong key, and then discard the key) from some products, offering only "Sanitize Block Erase" (overwrite everything) at the entry-level price point.
Technically, Block Erase does comply with NIST 800-88 "Purge" level for SSDs, per Table A-8. But it wastes [size-of-drive] writes. And on modern drives, it can take a looong time to overwrite an entire HDD.
I understand the need to stratify pricing. But just like the "SSO tax" ... making security harder is never better for the ecosystem.
And by the time most people realize they wanted the better option ... the purchases will have been made (maybe years before), and the folks making the purchasing decision will likely be far removed (in time, org structure, and technical awareness) from the personnel suffering the consequences.
Bad form.
Comments
Displaying 0 of 0 comments