Device encryption provides drive security for stored data. Available in devices from encrypted hard drives to encrypted flash drives, encryption can help shield your valuable data.
This is encrypted drives, explained.
What is an encrypted drive?
An encrypted drive is a device such as a hard drive (HDD), SSD, or USB flash drive that automatically enciphers all data written into its storage, with minimal disruption to the user.
How does an encrypted hard drive, flash drive, or SSD work?
Self-encrypting drives automatically convert stored data into a scrambled, unreadable form, known as ciphertext, using an encryption algorithm. This algorithm encrypts created files even before they are physically written onto the device, rendering your storage drive “encrypted at rest.”
While there are many encryption algorithms, AES, the Advanced Encryption Standard, is one of the most widely adopted and recognized modern cryptographic algorithms. This algorithm uses fixed blocks of data, typically 128-bit or 256-bit, and scrambles them using a secret key. The larger the size, the stronger the encryption.
As soon as a file is created, the algorithm begins encrypting fixed blocks of data in a series of cryptographic operations including substitution, permutation and mixing. Employing multiple rounds of these operations strengthens the level of complexity and security.
What are the benefits of an encrypted drive?
By storing data in a scrambled, unreadable code, only those with the designated encryption key or passcode may access it. Therefore, if you happen to lose or misplace your device, the encrypted state of the drive secures your data if someone else then attempts to access it. For businesses, drive encryption can play an integral role within a larger, comprehensive cybersecurity strategy to protect user data.
Can I selectively encrypt files on an HDD or SSD?
File-level encryption is another method of encryption that secures individual files on a drive. Each file requires separate input of the encryption key or passcode to unlock. A selected file on an encrypted device can be encrypted a second time for an additional layer of security. This method, however, involves a more manual process that may miss certain files such as metadata.
How do I unlock an encrypted drive?
Unlocking an encrypted drive requires entry of the encryption key, which can be a fingerprint scan, facial recognition, or most commonly, a passcode or key phrase. Once the drive is unlocked with the correct encryption key, your files will be decrypted back to the original plaintext so you can view and access your files normally.
What happens if I lose my encryption key?
Without access to the encryption key, data can be permanently lost. For this reason, you may set up a recovery key or set of backup passcodes in case you forget or lose your passcode. The recovery key then serves as the only secondary means of accessing your device.
Are all Western Digital drives built with encryption?
Western Digital develops and manufactures devices with data security in mind, integrating security into the firmware, hardware, and manufacturing processes.
The company offers encrypted drives as well as devices that allow adding device encryption software. You can learn more about encryption and security technology in our devices and the types of data security we develop and manufacture and compare device encryption compatibility on the Western Digital website.
Artwork by Cat Tervo