Which security technology will automatically secure sensitive data as it is stored on a company's devices?

Self-encrypting drives are designed specifically to enhance the security of sensitive data stored on devices by automatically encrypting the data as it is written to the storage medium. This technology uses built-in hardware encryption that does not require user intervention or additional software, making it seamless and effective for protecting data at rest.

When data is saved on a self-encrypting drive, it is immediately encrypted using strong cryptographic algorithms, ensuring that unauthorized access is prevented. The encryption keys are managed by the drive itself, often making it difficult for attackers to access the data without the proper credentials.

In the context of the other options, hardware security modules (HSMs) provide a secure environment for managing cryptographic keys and performing encryption operations but typically do not operate at the storage device level. Two-factor authentication adds an additional layer of security for user access but does not encrypt data itself. Measured boot is a security feature that ensures the integrity of the boot process but does not focus on encrypting data on devices. Thus, the unique capability of self-encrypting drives to automatically secure sensitive data as it is stored makes it the most appropriate choice.