Tag Archives: Hardware encryption

VMware vSphere 7 Now Supports AMD SEV-ES Encryption!

VMware just announced that vSphere 7 Update 1 will add support for AMD SEV-ES encryption!

Find out what this means for enterprise security, and the future of AMD EPYC processors!

 

AMD SEV-ES Encryption : What Is It?

SEV-ES, short for Secure Encrypted Virtualization-Encrypted State, is a hardware-accelerated encryption capability in AMD EPYC processors.

Leveraging both the AMD Secure Processor and the AES-128 encryption engine built into every AMD EPYC processor, SEV-ES encrypts all CPU register contents when a virtual machine stops running.

This prevents the leakage of information from the CPU registers to components like the hypervisor. It can even detect malicious modifications to a CPU register state.

 

VMware vSphere 7 Now Supports AMD SEV-ES Encryption!

VMware vSphere 7 Update 1 adds support for both AMD SEV-ES and AMD EPYC processors.

The AMD Secure Processor in the first-generation EPYC processors can handle up to 15 encryption keys.

That increases to more than 500 encryption keys with the second-generation EPYC processors.

ESXi has many layers of isolation within its virtualised infrastructure, but all of that is implemented in software. Those layers still require a level of trust in the hardware, which is where AMD SEV-ES comes in.

A guest operating system that supports SEV can ask the AMD Secure Processor to issue it an encryption key, for full in-memory, in-hardware encryption.

SEV-ES extends that protection to CPU registers, so that the data inside the CPU itself is encrypted. This protects the data from being read or modified when the virtual machine stops running.

Even a compromised hypervisor that accesses the register data cannot make use of it, because it is now encrypted.

Needless to say, adding support for AMD SEV-ES in vSphere 7 will spur the uptake of AMD EPYC processors in the datacenter.

 


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!


Google Cloud Confidential VM With 2nd Gen AMD EPYC!

Google recently introduced Confidential Computing, with Confidential VM as the first product, and it’s powered by 2nd Gen AMD EPYC!

Here’s an overview of Confidential Computing and Confidential VM, and how they leverage the 2nd Gen AMD EPYC processor!

 

Google Cloud Confidential Computing : What Is It?

Google Cloud encrypts customer data while it’s “at-rest” and “in-transit”. But that data must be decrypted before it can be processed.

Confidential Computing addresses that problem by encrypting data in-use – while it’s being processed. This ensures that data is kept encrypted while in memory and outside the CPU.

 

Google Cloud Confidential VM, Powered By 2nd Gen AMD EPYC

The first product that Google is unveiling under its Confidential Computing portfolio is Confidential VM, now in beta.

Confidential VM basically adds memory encryption to the existing suite of isolation and sandboxing techniques Google Cloud uses to keep their virtual machines secure and isolated.

This will help customers, especially those in regulated industries, to better protect sensitive data by further isolating their workloads in the cloud.

Google Cloud Confidential VM : Key Features

Powered By 2nd Gen AMD EPYC

Google Cloud Confidential VM runs on N2D series virtual machines powered by the 2nd Gen AMD EPYC processors.

It leverages the Secure Encrypted Virtualisation (SEV) feature in 2nd Gen AMD EPYC processors to keep VM memory encrypted with a dedicated per-VM instance key.

These keys are generated and managed by the AMD Secure Processor inside the EPYC processor during VM creation, and reside only inside the VM – making them inaccessible to Google, or any other virtual machines running on the host.

Your data will stay encrypted while it’s being used, indexed, queried, or trained on. Encryption keys are generated in hardware, per virtual machine and are not exportable.

Confidential VM Performance

Google Cloud worked together with the AMD Cloud Solution team to minimise the performance impact of memory encryption on workloads.

They added support for new OSS drivers (nvme and gvnic) to handle storage traffic and network traffic with higher throughput than older protocols, thus ensuring that Confidential VM will perform almost as fast as non-confidential VM.

Easy Transition

According to Google, transitioning to Confidential VM is easy – all Google Cloud Platform (GCP) workloads can readily run as a Confidential VM whenever you want to.

Available OS Images

In addition to the hardware-based inline memory encryption, Google built Confidential VM on top of Shielded VM, to harden your OS image and verify the integrity of your firmware, kernel binaries and drivers.

Google currently offers images of Ubuntu v18.04, Ubuntu 20.04, Container Optimized OS (COS v81), and RHEL 8.2.

They are currently working with CentOS, Debian and other distributors to offer additional OS images for Confidential VM.

 



Kingston IronKey D300S Encrypted USB Drive Launched!

Kingston Technology just introduced an improved version of their D300 encrypted USB drive – the Kingston IronKey D300S. Find out what’s new and improved in the Kingston D300S encrypted USB drive!

 

The Kingston IronKey D300S Encrypted USB Drive Launched!

The new Kingston IronKey D300S encrypted USB drive introduces two new features to enhance its advanced level of security and ability to safeguard sensitive data.

Serialised Drive

IronKey D300S will have a unique serial number and bar code on the drive itself that allows network administrators to read or scan the code instead of plugging in the drive.

When a drive is deployed, returned or during any physical auditing or asset management of hardware, this feature will make the process more efficient and streamlined.

Virtual Keyboard

The second feature, a virtual keyboard, will enable users to enter a password with clicks of the mouse instead of a physical keyboard. It provides a greater level of protection against any possible keylogging when using D300S on other computers.

“We’re not content on standing pat with any of our products, no matter how good they are,” said Kingston. “The data protection provided by IronKey D300 is already top notch, and we’ve listened to requests from our customers. These two enhancements in the D300 series add to its industry-leading data-protection capabilities. With Kingston’s 30-plus years of expertise in quality technology solutions behind it, along with the latest NAND Flash memory and controller technology, users of any D300 drive can rest assured that their confidential data and information are well protected from the risks and threats associated with loss, theft, or stolen digital devices.”

 

Kingston IronKey D300S Price + Availability

The new Kingston IronKey D300S drives will also be available as a Managed model (D300SM) that requires IronKey EMS or SafeConsole by DataLocker, allowing central management of drive access and usage across thousands of drives.

This will be the first IronKey drive that will be supported on SafeConsole, thus enabling it to be used by customers who already have it installed.

IronKey D300SM will be available in the first quarter of 2019.

 


My Knox Is Dead. Long Live Samsung Secure Folder!

Samsung announced in June 2017 that they were killing off My Knox, replacing it with Samsung Secure Folder that ships with the Samsung Galaxy S8 / S8 Plus and Galaxy Note8 smartphones.

Secure Folder is compatible with the Samsung Galaxy S7 and Galaxy S7 edge smartphones that have been upgraded to Android 7.0 Nougat.

Updated @ 2017-12-22 : Revamped the article, adding a migration guide, and a final email from Samsung.

Updated @ 2017-11-16 : Added a new email from Samsung with a confirmed end-of-service date for My Knox.

Originally posted @ 2017-06-07

 

Samsung Kills My Knox

In early June 2017, Samsung announced that they’re killing My Knox, and replacing it with Secure Folder. The end-of-life date was set for 19 December 2017.

Beginning 20 December 2017, the My Knox app would no longer be available to download from the Google Play Store. The My Knox portal will also be disabled – you won’t be able to log in.

Samsung replaced My Knox with their new Secure Folder solution. They promise that it is a superior solution.

 

Samsung Secure Folder

Samsung Secure Folder is a new security solution that leverages the defense-grade Samsung Knox security platform to create a private, encrypted space on a Samsung Galaxy smartphone running on Android 7.0 Nougat or better.

It is available in the Samsung Galaxy S8 / S8 Plus and Galaxy Note8 smartphones, but can be downloaded and installed in the Samsung Galaxy S7 and Galaxy S7 edge smartphones that have been upgraded to Android 7.0 Nougat.

As no Mobile Device Management (MDM) is required, it is suitable for both personal and business usage. Here are additional details :

  • Apps and data can be installed or created within Secure Folder, or moved there from outside.
  • Apps and data moved to Secure Folder are kept separate, leveraging SE for Android – preventing unauthorized communication between apps inside and outside.
  • Application data and files are encrypted with defense-grade Sensitive Data Protection (SDP) technology – using 256-bit AES cipher algorithm to secure data.
  • Data remains encrypted even after the user has exited Secure Folder or has turned off the device, and is decrypted when a user successfully authenticates himself / herself.

It can also be used alongside Knox Workspace, enabling two Knox container solutions at the same time.

This allows users to have access to both a dedicated work environment (Knox Workspace), as well as a secure personal area (Secure Folder).

 

How To Migrate From My Knox To Secure Folder

Fortunately, Samsung made it easy to migrate your private data from My Knox to Secure Folder. Here are the steps :

  • Log into the My Knox app.
  • Go to My Knox Settings, and select Backup and restore.
  • Backup your My Knox data (you’ll need a Samsung account to do this).
  • Install and setup Secure Folder, if you have not already done so.
  • Log into Secure Folder.
  • Go to Secure Folder Settings, and select Backup and restore.
  • Select Restore (using the same Samsung account), and you’re done!

If you are worried about the dangers of backing up your encrypted data to the cloud (it is encrypted!), you can use this alternative method :

  • Log into the My Knox app.
  • Copy the data out into the Samsung smartphone, or a secure computer.
  • Install and setup Secure Folder, if you have not already done so.
  • Move the data into Secure Folder.

 

Samsung My Knox Termination Chronology

In early June 2017, Samsung sent out this email to all registered Samsung users :

First Samsung warning about terminating My Knox

My Knox will no longer be available on new Samsung devices in 2017. You may continue your secure space experience by setting up Secure Folder, available now from Galaxy Apps.

Secure Folder runs on Android N OS or higher versions only. It leverages the defence-grade Samsung Knox security platform to create a private, encrypted space on your Samsung Galaxy phone. Applications and data moved to Secure Folder are partitioned separately on the device and gain an additional layer of security and privacy.

To seamlessly transfer your private content between solutions, please back up your My Knox data and restore it to Secure Folder. To back up your My Knox data, go to My Knox settings > Backup and restore. Remember, a Samsung account is required to use this feature.

You can restore the backup data after setting up Secure Folder. Go to Secure Folder settings > Backup and restore > Restore.

You may use My Knox until its end-of-service date (which will be announced soon). However, be aware that we will not be actively maintaining the service or adding new features.

This was followed by this email on 15 November 2017, revealing its end-of-service date as 19 December 2017.

Samsung confirms end-of-life date for the My Knox service

Dear customers,

Thank you for using My Knox.

As previously announced, we will end support for My Knox on 19th December 2017. You will not be able to download My Knox from any app store after the end-of-service date.

You may use My Knox on your mobile device until you uninstall the application. However, you will be unable to log in to the My Knox portal to remotely manage your device (e.g. to reset your My Knox password or unlock My Knox).

If you have a phone that runs the Android N OS, we recommend transferring your private data in My Knox to Secure Folder, available at Google Play or Galaxy Apps, and on new Samsung phones such as the Galaxy Note 8. We also recommend backing up your My Knox data first, and restoring the data after you set up Secure Folder.

To back up My Knox data, go to My Knox Settings > Backup and restore > Back up My Knox data. Please note that a Samsung account is required to use the My Knox backup and restore feature.

If your phone does not support Secure Folder, then please back up the content to outside My Knox (e.g. using the Move to Personal mode feature).

For more information regarding My Knox termination, please visit My Knox FAQ.

We hope you have enjoyed your experience with My Knox. Samsung is committed to continuous innovation to provide you with the highest-quality products and services.

This final email was sent on 20 December 2017, noting that My Knox is now terminated :

The final Samsung email on the termination of the My Knox service

Dear customers,

Thank you for using My Knox.

As previously announced, we will terminate the My Knox service on 19th December 2017. You will not be able to download My Knox from any app store from then on. You will also be unable to log in to the My Knox portal to remotely manage your device.

You may use My Knox on your mobile device until you uninstall the application. However we highly recommend you to back up your data or move it to outside My Knox.

If your phone supports Secure Folder, we recommend transferring your private data in My Knox to Secure Folder, available at Google Play or Galaxy Apps, and on new Samsung phones such as the Galaxy Note 8. We also recommend backing up your My Knox data first, and restoring the data after you set up Secure Folder.

To back up My Knox data, go to My Knox Settings > Backup and restore > Back up My Knox data. Please note that a Samsung account is required to use the My Knox backup and restore feature.

However, if your phone does not support Secure Folder, then please back up the content to outside My Knox (e.g. using the Move to Personal mode feature).

We hope you have enjoyed your experience with My Knox. Thank you for using our service.

 



WD Launches First Portable SSD – The My Passport SSD!

June 22, 2017 – Western Digital Corporation, (NASDAQ: WDC) today introduced its fastest WD brand portable drive yet, the My Passport SSD. Featuring blazing-fast speeds and award-winning design, the new My Passport SSD is designed for content creators and tech enthusiasts to manage massive files on the go.

 

My Passport SSD – A New State of Storage

Featuring speeds of up to 515 MB/s, the My Passport SSD is the fastest My Passport drive offered by the WD brand. The new, super fast drive is designed for the latest generation of computers with a USB Type-C port and is USB 3.1 Gen 2 (10Gb/s) ready with a USB Type-C to Type-C cable and an adapter to use with the more traditional USB Type-A ports found on many computers.

Built for PC and compatible with Mac, My Passport SSD offers peace-of-mind with 256-bit AES hardware encryption and password protection, and is also 6.5-foot drop tested for shock-resistance to withstand 1500G of force, to help keep precious data safe.

My Passport SSD is the perfect storage solution to rapidly manage large photo and video libraries, quickly back up files and important documents, run virtual machines from, or expand your SSD-laptop storage anywhere you take your computer. The new drive is available in 1 TB, 512 GB and 256 GB capacities, and comes with WD Backup software that enables users to automatically back up their stuff.

 

Pricing and Availability

The My Passport SSD is backed by a three-year limited warranty, and will be available at select retailers and distributors starting 07 July 2017.

The My Passport SSD has a Manufacturer’s Suggested Retail Price (MSRP) of RM 2,099 (~US$ 499) for 1 TB, RM 1,039 (~US$ 249) for 512 GB and RM 579 (~US$ 139) for 256 GB, respectively.

Western Digital has partnered with online retailer Lazada for an exclusive launch, offering consumers a special 2-week promotion starting today until 06 July 2017 :


Kingston Management-Ready Encrypted USB Drives Launched

Hsinchu, Taiwan, April 13, 2016 – The recent massive leak of confidential documents not only revealed the hidden wealth of politicians and businessmen worldwide, but also reiterated the importance of information security. Governments, corporations, and even individuals like us can never be too careful when dealing with sensitive materials. Kingston today announced two new hardware encrypted USB Flash drives that can be managed with SafeConsole by DataLocker.

 

Kingston Management-Ready Encrypted USB Drives

DataTraveler 4000G2 with Management (DT4000G2DM) and DataTraveler Vault Privacy 3.0 with Management (DTVP30DM) solve the needs of organizations required to meet Federal Information Processing Standards (FIPS) and protect data at the highest level across their mobile workforce. Both devices can be used as a managed solution via the SafeConsole Encryption Management Platform from DataLocker Inc., Kingston’s partner for encrypted USB drive management.

The new Kingston USB drives are both 256-bit AES hardware encrypted and FIPS certified (DT4000G2DM is FIPS 140-2 Level 3 validated; DTVP30DM is FIPS 197 certified) to ensure maximum corporate and personal data security.

Additionally, SafeConsole is the only secure USB management platform for secure USB drives with true password management – both remote and local. The platform enables secure resetting of forgotten passwords, activation of full audit trails, geolocation and geofencing to ensure cross-border compliance, automatic inventory, and a “remote kill” feature in the event of device loss.

Organizations should develop best practices to safeguard data outside of a company’s firewalls as data leaks become more prevalent and certain regions adopt regulatory policies. The European Union (EU) will soon enact the General Data Protection Regulation, which mandates that businesses strengthen their digital infrastructure or face significant penalties. Part of an organizational policy should include device-level management that allows control over LAN and Internet connections. This enables better tracking and auditing of data moving in and out of a company.

“Human error, malicious attacks and technical failures can place employee and corporate data at risk. Companies, agencies and organizations need to implement a security policy well before anything goes wrong as it’s critical to prevent non-compliance, fines and even financial loss,” said Nathan Su, Flash Memory Sales Director, APAC Region, Kingston. “Our latest encrypted managed USB drives, the recent IronKey acquisition and growing DataLocker partnership all demonstrate Kingston’s commitment to providing the most secure and largest family of encrypted USB solutions on the market.”

Kingston’s DT4000G2DM and DTVP30DM are available in 4GB, 8GB, 16GB, 32GB and 64GB capacities, and are backed by a five-year warranty, free technical support and legendary Kingston reliability.

 

DataTraveler 4000G2 with Management Features & Specifications

  • Encrypted protection: With encryption, no one can see what you have stored on the drive without knowing the password.
  • Manageable: DT4000G2DM enables a complete set of centralized administration and management tools when used with server-based, control center technology of SafeConsole.
  • FIPS 140-2 Level 3 Certification: The drive is FIPS 140-2 Level 3 certified and TAA compliant, to meet frequently requested corporate and government requirements.
  • Customizable: Customize drives in a variety of ways, including serialization numbering, co-logo and customized product identifier for integration into standard end-point management software (white-listing), to meet internal corporate IT requirements.
  • Interface: USB 3.0
  • Capacities: 4GB, 8GB, 16GB, 32GB, 64GB
  • Speed:
    • USB 3.0:
      • 4GB: 80MB/s read, 12MB/s write
      • 8GB & 16GB: 165MB/s read, 22MB/s write
      • 32GB: 250MB/s read, 40MB/s write
      • 64GB: 250MB/s read, 85MB/s write
    • USB 2.0:
      • 4GB: 30MB/s read, 12MB/s write
      • 8GB–64GB: 30MB/s read, 20MB/s write
  • Dimensions: 77.9 mm x 22.2 mm x 12.05 mm
  • Waterproof: Up to 4 ft.; conforms to IEC 60529 IPX8. Product must be clean and dry before use.
  • Operating Temperature: 0°C to 60°C
  • Storage Temperature: -20°C to 85°C
  • Compatibility: USB 3.0 compliant and 2.0 compatible
  • Minimum System Requirements:
    • USB 3.0 compliant and 2.0 compatible
    • Two (2) free drive letters required for use

 

DataTraveler Vault Privacy 3.0 with Management Features & Specifications:

  • Encrypted protection: All your data is protected by hardware encryption, so no one can access your data without knowing the password.
  • Manageable: IT professionals can enable a complete set of centralized administration and management tools when used with server-based, control center technology of SafeConsole.
  • FIPS 197 Certified and TAA compliant
  • Anti-virus protection from ESET: The drive is available with anti-virus protection to keep data safe from viruses, spyware, Trojans, worms, rootkits, adware and other Internet-borne threats.
  • Customizable: Customize drives in a variety of ways, including serialization numbering, co-logo and customized product identifier for integration into standard end-point management software (white-listing), to meet internal corporate IT requirements.
  • Interface: SuperSpeed (USB 3.0)
  • Capacity: 4GB, 8GB, 16GB, 32GB, 64GB
  • Speed:
    • USB 3.0:
      • 4GB: 80MB/s read, 12MB/s write
      • 8GB & 16GB: 165MB/s read, 22MB/s write
      • 32GB: 250MB/s read, 40MB/s write
      • 64GB: 250MB/s read, 85MB/s write
    • USB 2.0:
      • 4GB: 30MB/s read, 12MB/s write
      • 8GB–64GB: 30MB/s read, 20MB/s write
  • Dimensions: 77.9mm x 22.2mm x 12.05mm
  • Waterproof: Up to 4 ft.; conforms to IEC 60529 IPX8. Product must be clean and dry before use.
  • Operating Temperature: 0°C to 60°C
  • Storage Temperature: -20°C to 85°C
  • Compatibility: USB 3.0 compliant and 2.0 compatible
  • Minimum System Requirements:
    • USB 3.0 compliant and 2.0 compatible
    • Two (2) free drive letters required for use

Note: DataTraveler Vault Privacy 3.0 Anti-Virus is not compatible with Mac OS or Linux.

 
