Encrypted storage for rugged computers – what to choose?

One of the biggest priorities for any computer user today is ensuring that the data stored on a device is secure and cannot be compromised in any way. It is critical therefore to choose the right encrypted software and hardware storage solution for your requirements. In this blog we explore what encrypted storage options are available, in particular for defence and security applications.

There are many different types of computer solutions available today – including tablets, laptops, embedded computers and rack-mount servers – but whichever one you are using for your specific application, there is often a pressing need to ensure that the data held on the computer is secure and encrypted when at rest.

Encryption is especially important for rugged computers that handle sensitive, confidential and even classified information and data. The latter is of course a top priority for militaries, security forces or national security organisations. If data is unencrypted then there is a significant risk that a cyberattack – whether by state-funded groups, criminal gangs, or individuals – could steal that data and impact an organisation, or even an entire government.

Lost or stolen devices can also be vulnerable, with criminals able to transfer the computer’s hard disk to another system or run software tools to access the data.

We’ve all probably used a wide range of data storage solutions – from internal and external enclosed hard drives, USB pen/flash drives, CD and SD cards, and much more – but whichever we choose, it is a top priority for many that the data on the device is secure. A hard drive, for example, is a ‘non-volatile’ method of storing all kinds of critical data including the information that is collected from external sources (input data). Non-volatile means the data will stay on the hard drive, even if it is powered off, unlike volatile computer memory such as random-access memory (RAM).

Rugged computing and software-based encryption

In the military or security sectors, a computer’s hard drive could be used to store intelligence data from deployed sensors – such as a high-definition cameras and communications intelligence (COMINT) assets – which will then be processed and analysed by specialists to identify potential threats. This data at rest is extremely sensitive and is likely to be classified material that under no circumstances can be compromised, lost or stolen.

Most rugged computers now use solid-state drives (SDD) to store data, which have no internal moving parts and are therefore much better at surviving the extreme conditions that these devices can experience. SSDs have largely replaced legacy hard disk drives (HDDs), which work by writing data onto a spinning magnetic disk called a “platter” with a moving read-write arm.

While cheaper than SSDs, HDDs are vulnerable to shocks and vibration owing to their moving parts, and also have lower performance specs. SSDs can also have much better performance in terms of data transfer speeds and improving overall system responsiveness.

A common way to encrypt a computer with an SSD drive is through software. One of the best encryption software solutions available today is BitLocker, which has been developed by Microsoft and integrates with the device’s operating system, such as Windows 10 or Windows 11. BitLocker can encrypt entire commercial-off-the-shelf (COTS) hard drives, which include both system and data drives.

BitLocker is most effective with what is known as a Trusted Platform Module (TPM) with a Version 1.2 or higher.

While BitLocker is software, the TPM chip is a hardware component that must be installed on the processor board for optimum encryption. All GRiD devices have a TPM chip installed as standard, enabling customers to utilise BitLocker encryption when required. We also ensure that the computer has a Trusted Computing Group (TCG)-compliant BIOS firmware, which is another requirement for BitLocker.

Hardware encryption and government data

SSDs are available in different form factors, which can influence the type of encryption options available to the user. SSDs traditionally followed the form factors of HDDs, including the enclosed 2.5” option, although there is now a trend towards the smaller M.2 (available in SATA and NVMe interfaces). M.2 drives are only offered as a PCB, without physical protection and are not removable.

There is still demand for 2.5” encrypted drives and some organisations and defence departments have stringent requirements that state that only this type of encrypted drive can be used. GRiD’s range of rugged tablets and laptops remain compatible with 2.5” drives for exactly this reason.

For instance, the National Cyber Security Centre (NCSC) states that data at rest at Tier 2 or above should be protected by a “High Grade product”, and where this is not an option, “an assured hardware-based solution” should be preferred.

The NCSC states that the 2.5” Eclypt Core 600 SSD must be used to protect Secret and Top Secret information when used in accordance with the NCSC Security Procedures and CIAN 2015/03, according to the organisation’s website. As well as NCSC requirements, the self-encrypting 2.5” Eclypt Core 600 SSD can also meet NATO Secret and below encryption standards, according to the manufacturer Viasat.

The 2.5” Eclypt Core 600 SSD is a direct replacement for a computer’s standard hard drive, and it ensures that data is encrypted and decrypted immediately and with no impact on the computer’s overall performance. The drive uses AES 256, which is considered one the most secure and efficient encryption algorithms available on the market.

No matter your classification levels and whichever strict encrypted storage standards you must adhere to, GRiD’s rugged laptops and tablets are highly flexible and are designed to work with a range of encrypted storage solutions. Contact us if you require further assistance and our expert team can advise on +44 (0)1628 810 230 or drop an email to sales@griduk.com