Hardware Drive Encryption Becomes Manageable
Regulatory compliance requirements and other best security practices are driving enterprises more consistently toward the use of hard drive encryption, but it's not always an easy decision. Software encryption products can impose a performance burden, and key management can be problematic. The answer, argues Seagate, is hardware encryption built into the drive. Integration into McAfee's Endpoint Encryption products makes key management more organized and secure, and no CPUs are burdened with encrypting or decrypting the data.

Seagate has also announced that it is now shipping 320GB and 500GB self-encrypted drives at up to 7200RPM. Dell will be shipping notebooks with these drives. The drives come factory pre-loaded with management software.

Early this year, researchers at Princeton made headlines by revealing a theoretical attack that could recover software encryption keys even from a notebook that had been shut off. It's actually silly James Bond stuff that real people shouldn't worry about, but it did demonstrate the real point that the keys exist in memory and there are ways to get at them. Attacks that gain control of the live system, through malware, for example, could still gain access to any data to which the compromised user has access. With hardware-encrypted drives, at least the private key is secure and the Princeton attack is prevented.

Notebooks with drives like these in a managed environment really do make it easier to feel secure about notebooks, even if they have sensitive data on them. Combine them with other best practices, such as multifactor authentication, and you've given yourself the best chance to succeed in security. One day we'll use products like this and nothing less will be acceptable.
