Hugh Pickens DOT Com writes: Self-encrypting drives with a circuit built into the disk drive controller chip that encrypts all data to the magnetic media automatically and transparently have several advantages over host-based software encryption including no key management, no additional life cycle cost, no disposal cost, no performance impact, and no app changes needed. Even better, in many jurisdictions, drive encryption is a "safe harbor" against mandatory data breach notifications. If you lose an SED notebook loaded with sensitive medical data, you may not have to go to the expense and embarrassment of notifying patients of the loss. So where do you find these magical SEDs? Robin Harris reports at ZDNet that most new WD external drives and many of their internal drives have SED built-in — at no extra cost. By default the encryption is turned on, but there is no password unless you put one in using WD Security software. For good reason: if you lose your password your data is gone. Forever. There is NO recovery. Authentication of the user is done within the SED and never exposed within the memory or operating system of the computer, which means attacks on vulnerabilities in the operating system cannot be used against an SED's pre-boot process. "Encrypted data as near as your recent WD external drive? Believe it," writes Harris. "But also take responsibility. If you encrypt your drive the fate of your data rests squarely on you. Don't screw up."
"No, no, I don't mind being called the smartest man in the world. I just wish
it wasn't this one."
-- Adrian Veidt/Ozymandias, WATCHMEN