ClevX's DataLock Secures M.2 SSDs With a Smartphone

Anton Shilov
·4 min read
ClevX
ClevX

ClevX has developed a new self-encrypting drive (SED) platform that does not depend on host hardware as well as the operating system and can be deployed within a matter of minutes. ClevX DataLock BT Secured can be applied to almost any internal or external solid-state drive or hard disk drive. All it needs is a small chip, a Bluetooth antenna, software from ClevX, and a modern smartphone. The platform can even ensure that a drive can be unlocked only in select geolocations.

While ClevX's DataLock BT Secured provides very powerful security features, it's a relatively simple platform. On the hardware side of matters, it's comprised of a small chip that encrypts data using an AES-256 algorithm, holds the unique pin code to unlock the data, and a Bluetooth antenna. This small chip can be installed on any SSD or HDD, provided that it has the right controller and firmware. Since ClevX works with all major developers of SSD controllers, including Marvell, Phison, and Silicon Motion, drive manufacturers have a lot of choice.

External storage devices featuring ClevX's DataLock KP can be equipped with a keypad to enter the password (see Kingston's IronKey Keypad 200), but for DataLock BT-enabled internal drives (M.2, 2.5-inch, etc.) a smartphone running Android or iOS is sufficient — even Apple Watch will work. ClevX's smartphone software sends a unique encrypted pin code to the drive if all conditions are met — the password is correct, biometrics data matches, geolocation and timing are suitable, etc.

ClevX's DataLock SED platform is FIPS 140-2/3 Level 3 compliant, supports remote management (which requires a managing smartphone program), yet it does not require any special drivers, software updates, BIOS enhancements, TPM modules, or admin configurations to install. As an added bonus, ClevX's DataLock SED platform supports data loss prevention cloud solution — a separate service that costs extra, naturally.

ClevX
ClevX

One of the main advantages of the ClevX DataLock security platform is its flexibility. In addition to mainstream M.2 and 2.5-inch SSDs, it can be applied to all form-factors and devices. For example, modern printers and scanners store quite a lot of data that nobody would want to end up in the wrong hands. So do NAS, IoT, medical, and industrial devices. Adding ClevX's DataLock BT Secured encryption chip and a Bluetooth receiver won't significantly increase bill-of-materials cost, device complexity or dimensions, so the DataLock hardware can be applied to pretty much all kinds of storage devices.

Another important thing about ClevX's DataLock BT Secured is that it's seamless for operating systems, so it can be used for machines running Windows, Linux, Chrome, various real-time and industrial OSes, and even Apple's MacOS (at least for external/add-on storage devices) that currently relies on encryption enabled by Apple's processors.

Data protection is vital both for organizations and for individuals, but when it comes to security, there's always a balance between the strength of protection and its ease of its use. Essentially, the more complex the deployment and authentication process is, the less convenient it is to use, which is why in some cases people omit precautions entirely. Too stringent of security in other words can end up costing tens of millions of dollars eventually if it's too inconvenient. (A good example of this is a scandal with data encryption by Morgan Stanley).

There are two ways to protect data on the client: use software-based encryption like Windows BitLocker or analogues from ESET or McAfee, or use SEDs that are particularly hard to deploy when it comes to client systems. (Note that Apple's latest platforms come with SED capabilities these days.) Both software-based encryption and SEDs have known vulnerabilities. Furthermore, SEDs are not easy to manage.

ClevX DataLock BT Secured is a self-contained platform that is seamless to host hardware and software, uses powerful AES-256 encryption algorithms to encrypt data, and uses the security capabilities of modern smartphones to unlock the data — the capabilities that many people already use. ClevX provides reference designs for hardware makers and its DataLock software is available from Apple's and Google's app stores.