Different Types of Drive Encryption and Security
There are quite a few options for securing and encrypting the data on your SSD, which can make it difficult to decide which is best for you. Generally, we can break down these types of security into three forms: software encryption, hardware encryption, and ATA security. Each one has varying degrees of security and can even affect system performance. Here’s what you should know about the three types of drive encryption and security.
The simplest and most widely available form of data security is software encryption. Software encryption uses a program to encrypt and decrypt the data as it is being written to and read from your SSD. In order to do all this encryption work, your CPU must spend a portion of its power to constantly compute any new information. This slows your system down in several ways, so if performance is important to you, software encryption should be avoided. In regards to SSDs, software encryption can significantly shorten the write life expectancy of the drive because it constantly has to erase and write new data to the SSD. If you were to forget the password to a software-encrypted drive, you can simply erase the drive, then create new partitions on the device.
- Compatible with virtually all storage devices
- Some programs can selectively encrypt certain folders or partitions
- Lots of options to choose from
- Decreases system performance
- Adds significant wear to SSDs, especially for full-disk encryption
- Potentially less secure than other forms of security
- Takes a long time to encrypt and decrypt data
Some drives come with built-in controllers that allow you to enable hardware encryption. Unlike software encryption, hardware encryption uses a controller built into the drive to do all the hard work. This frees the CPU from having to compute the information, which means you’ll get the most performance possible out of your drive.
You’ll need to make sure you have a computer that has a built-in controller that supports hardware encryption. Crucial® MX-series SSDs come with a 256-bit AES encryption controller, which allows you take advantage of full hardware disk encryption, and is sometimes referred to as a SED (Self-Encrypting Drive). Check out our extensive knowledge base to learn more about hardware encryption requirements with Crucial SSDs and how to set it up, see how self-encrypting SSDs enhance data security and protect your organization, or get an even more in-depth look at how hardware encryption works in our drives.
Hardware encryption has many security benefits because the controllers and encryption standards are so robust. It is practically impossible for someone to recover data from a drive that is locked without the encryption key. Other benefits are the ability to encrypt or decrypt a drive in just a few clicks. While software encryption could potentially take many hours to complete encrypting hardware encryption utilities like Microsoft® BitLocker® let you turn encryption on or off in less than a minute.
Similiarly to how software encryption works, you will need to find a program to manage hardware encryption (such as BitLocker or McAfee® Endpoint). If you forget a hardware encryption password, you can use the PSID revert tool in the Crucial® Storage Executive tool to reset the drive.
- Extremely secure
- No loss of performance
- Simple and quick to enable or disable
- Only select setups will support it
The final form of drive security uses a set of commands under Serial ATA standards to lock a drive with a password. Unlike with hardware encryption, the data on the drive itself isn’t actually encrypted, but the controller used to access the information on the drive is locked. ATA security doesn’t necessarily require software to be enabled, but the ways to enable it will vary from system to system. If you somehow enabled ATA security on a drive and forget the password, you will be unable to create any new partitions on the device. There are third-party options to remove ATA security locks on a drive, but it is best to never change the settings unless you know what you are doing. You could make the drive useless if you were to change the wrong ones. There are ways to remove ATA locks, so this is less secure method for protecting data. It is a better way to deter unauthorized access.
- Relatively easy to setup
- No additional software required
- No loss in performance
- Not a secure way to protect your data
- No simple way to unlock a drive if the password is forgotten
©2023 Micron Technology, Inc. All rights reserved. Information, products, and/or specifications are subject to change without notice. Neither Crucial nor Micron Technology, Inc. is responsible for omissions or errors in typography or photography. Micron, the Micron logo, Crucial, and the Crucial logo are trademarks or registered trademarks of Micron Technology, Inc. BitLocker is a trademark of Microsoft Corporation in the U.S. and/or other countries. McAfee Endpoint is a trademark of McAfee, LLC or its subsidiaries in the US and other countries. All other trademarks and service marks are the property of their respective owners.