Western Digital Launches Security Platform for Portable Storage with G-Technology’s ArmorLock-Encrypted NVMe SSD

Data safety is of paramount importance for many enterprise use-cases, and in certain scenarios, for home consumers too. Portable storage devices have typically offered data protection in the form of hardware encryption activated by one of multiple methods. Commonly used protection mechanisms include hardware keypads on the drive, a software application running on the host system with password protection prior to the mounting of the data volume, and biometric protection with, say, a fingerprint reader integrated in the device. Earlier this year, Samsung had launched the Portable SSD T7 Touch with such an integrated fingerprint sensor. Smartphones have become an indispensable part of everyday life, and serve as a digital identity of sorts for the owner. The biometric authentication that allows access to the phone has been taken advantage of as an added security measure in various other scenarios (two-factor authentication). Applications that authenticate based solely on the ability to unlock the phone exist too. Some portable storage device vendors have adopted this ‘app scheme’ as an alternative to the ‘intrusive’ measures outlined in the previous paragraph for unlocking encrypted drives. Examples include the SecureDrive BT series of hardware-encrypted external portable HDDs and SSDs using the DataLock BT app and iStorage’s upcoming datAshur BT series of USB flash drives. Today, Western Digital is introducing their own version of BLE-based authentication and unlocking of a portable storage device under the ArmorLock moniker. The first product based on this technology is also being launched today – the G-Technology ArmorLock-encrypted NVMe SSD. The ArmorLock Security Platform Traditional protection methods for encrypted portable drives have tended to be intrusive and slows down the process of using the drive on different systems. The ArmorLock security platform is intended to enable simple and seamless usage of encrypted drives using mobile / desktop apps (unfortunately available only for iOS and macOS at launch). An ArmorLock-encrypted drive carries a BLE radio that communicates with the Bluetooth radio on the mobile / desktop system on which the app runs. The app-based unlock scheme enables password-less unlocking using key exchange. WD claims that the secure pairing is seamless (a comparison was made with the Apple AirPods pairing scheme). Prior to usage, each drive is authorized on a system where the retrieval key is generated first and backed up (for use in the case where all authorized mobile devices become unavailable, but access to the data is still needed). After this, multiple mobile phones can be authorized for the same drive, with only a public key from the mobile app needing to be fed into the administrator console. Multiple drives can also be authorized and managed from this administrator console, enabling remote usage after the authorized drive gets shipped over. The drives can also self-format and be subject to secure erasure through the mobile app. If enabled, the phone’s location information can also be used by the app to show where the drive was used last. It must be noted that the ArmorLock security platform does NOT need cloud connectivity. In
Read More