Increasingly, computing devices are being utilized to operate on, and store, data and information that is meant to be kept private. Such data and information can include governmental secrets, but more likely includes business and personal information that could be damaging to one or more individuals if such information was obtained by a malicious party or an adversarial party. As such, various security mechanisms have been implemented, both in association with the hardware of a computing device and in association with the software of a computing device. Examples of such hardware security mechanisms include peripherals designed to generate secure passwords based on biometric information, such as a fingerprint, and physical access barriers to a computing device, such as keyboard locks, communication port locks, and the like. Examples of security mechanisms associated with the software of a computing device include various encryption technologies and various access control technologies.
However, the protection of data stored on one or more computer-readable media often fails during activity that is not directly associated with a computing device at all. For example, the data stored on one or more computer-readable media can be, and has been, compromised when physical shipments of storage devices, such as hard disk drives, that comprise the computer-readable media have not been properly safeguarded and have, consequently, been lost or even stolen. Similarly, data stored on one or more computer-readable media can be, and has been, compromised when storage devices comprising the computer-readable media have failed to be accessed from the host and have been, therefore, discarded. Often such “failed” storage devices retain a significantly high percentage of the data stored on their computer-readable media in a form that can be retrieved and accessed by a computing device.
To enhance the protection of data stored on computer-readable media, especially if the storage device comprising such media were to become physically accessible to malicious or adversarial parties, “full volume” encryption methodologies were developed, whereby substantially all of the data stored on the computer-readable storage media of a storage device is stored in an encrypted form such that, even if a malicious or adversarial party were to gain physical control of such a storage device, they would be unlikely to decrypt the data absent an appropriate decryption key. To provide greater performance, the encryption of data being stored on storage devices can be performed by dedicated cryptographic hardware that is part of the storage device itself, rather than by burdening the one or more central processing units of the computing device storing and retrieving such data.
In addition to full-volume encryption methodologies, the physical destruction, in an appropriate manner, of the computer-readable storage media, or the whole storage device, on which sensitive data was stored can likewise enhance the protection and security of such data. For example, computer-readable storage media that may have stored data that is to be protected can be physically shredded or exposed to random, strong, magnetic fields, such that the data is either not physically consistent, or is not physically recoverable from the computer-readable media. Alternatively, rather than physically destroying a storage device, sensitive data stored on a computer-readable storage medium can be overwritten by a computing device multiple times in accordance with pre-defined secure erasure policies. Unfortunately, physical destruction of computer-readable storage media and storage devices can be both costly and time-consuming and, as efficiencies are sought to reduce the time and expense, short-cuts that may compromise the protection and destruction of data stored on such media may be employed, thereby undermining the physical destruction efforts. Adding further inefficiencies, various regulations, such as governmental security regulations, or privacy regulations, can impose additional burdens, such as the requirement that proper destruction of computer-readable storage media is both undertaken and documented in a particular manner.
In many usage scenarios, such as server environments or enterprise Information Technology (IT) environments, storage devices are often moved between hosts. In such environments, forms of access control enforcement can be useful. Unfortunately, provisioning storage devices with forms of access control may be complicated and can result in substantial additional hardware component, development, and subsequent troubleshooting costs.