We often think of data protection as just backups, but encryption is also an important data protection consideration. This article looks at drive encryption, and how it is used to protect your data from unauthorized access.
Why use encryption?
Your computer’s data is stored on a hard drive and before you access it, you need to log onto your computer. However, it’s possible to circumvent this security and access your hard drive and the data on it.
People can access you data by:
- Booting your computer using other media, like a USB drive that loads an environment that can be used to access your hard drive without going through the operating system and its authentication.
- Removing the hard drive from the computer and putting it into another computer. The other computer’s operating system can be used to view and access the hard drive.
Servers, desktops and laptops are all vulnerable to this type of unauthorized access.
What is encryption?
Disk encryption uses an algorithm to randomly create a unique encryption key that will encrypt hard drives (or volumes). The encryption algorithm also creates a matching decryption key that is used to decrypt the hard drive. Once you encrypt a drive, its contents cannot be accessed without the decryption key and the password assigned to use the decryption key.
When you want to access an encrypted drive, or start a computer with an operating system on an encrypted drive, you will be asked to provide the password. The password will allow you to access the drive and its contents.
Types of encryption solutions:
- Commercial software sold by software vendors.
- Hardware encryption solutions, like self-encrypting hard drives.
- Free open source software, such as TrueCrypt.
- Encryption software bundled with an operating system, like BitLocker on Windows Server 2008/2012.
Different products provide different levels of speed and security. They can also provide encryption using different encryption standards. For example, AES (Advanced Encryption Standard) is an encryption standard that is designed to provide a good balance between speed and security.
When you backup data, it is often to a remote destination or a removable media that is rotated and stored off-site. If anyone gets access to the disk or the removable media that your backup is on, they will have access to all of the data, if it is not encrypted.
For this reason, the encryption of a backup’s destination is a very important consideration.
Encryption will protect unauthorized access to data:
- When a backup is stolen
- When a backup is misplaced
- When backups are stored with a third party.
Protecting your data is not just about making sure you can restore your data if it is lost, but making sure your backups are secure from unauthorized access.
In our next articles, we will look at:
- How BackupAssist can be used to encrypt your backups.
- How you can use BitLocker with BackupAssist.