Bitlocker encryption times – security is worth the wait.

Bitlocker encryption times

As you’ve probably heard by now, the latest version of BackupAssist includes BitLocker encryption for System Protection backups on external drives.  This is an addition we’re really excited about – it’s a great tool that helps provide the high level of data security our customers have come to expect from us.

As the BitLocker engine may be an unfamiliar tool to some of our customers, we also want to make sure that you’re aware of the normal process when encrypting data for the first time – particularly in regards to duration.

To sum this article up – preparing your backup device for its first Bitlocker encryption may take some time.  Don’t panic.  This is a normal part of the process, and the good news is it only needs to be prepared once.

What is Bitlocker and how does BA use it?

what is Bitlocker encryption?

BitLocker is a Microsoft encryption feature included in Server 2008 and later operating systems that allows data to be securely encrypted in 256-bit AES.  It works by encrypting a drive at the sector level.

In BackupAssist, this means that you can securely encrypt an external drive destination for your System Protection backups, so your data can’t be accessed by anyone who isn’t authorized to do so.

So how long will encryption take?

bitlocker encryption time

Because BitLocker operates at the sector level, you’ll only need to encrypt your backup destination once.  However, because the entire encryption process takes place up front, the time it takes can very depending on a lot of factors. If you have a particularly large device already containing a lot of data, it may take some time.

Microsoft estimates that BitLocker encryption can take roughly 1 minute per every 500mb encrypted – this is a good rule of thumb to use when planning for the time you’ll need to encrypt a destination.  Using this rule of thumb, you can arrive at the following of reasonable estimates of how long variously sized drives will take to encrypt:

Windows Server 2008

500 GB drive 17 hours
1 TB drive 33 hours
2 Tb drive 67 hours

Windows Server 2012

New disk 1-5 minutes
1 TB / 300 GB used 10 hours
2 TB / 1.5 TB used 50 hours

To learn more, see the Microsoft BitLocker FAQ.

However, other factors that will affect the duration of Bitlocker encryption include:

  • The size of the drive
  • The performance of the drive and the server
  • The operating system in use
  • How much data is on the drive (for Windows 2012)

Another point worth noting is that the process will be a lot faster when using Windows 8 or Windows Server 2012 onward, providing there isn’t much data already stored on the device.  This is because in Windows Server 2012 R1/R2, BitLocker will only encrypt used disk space. It will not encrypt unused disk space or disk space containing deleted files.

What should I do about it?

bitlocker encryption what do to

As we point out in the title of this article, while BitLocker encryption may take a while it’s absolutely worth the wait!  Security vulnerabilities in a business context are unacceptable, particularly when you’re talking about sensitive data.  Cyber crime is increasing exponentially, and the security of your corporate data is not something to take lightly.

Therefore, the best thing you can do to deal with a potentially timely BitLocker encryption process is simply to plan for the time required to perform the encryption, when you create a backup job .

As we’ve pointed out, the encryption process will only need to be undertaken once – when you first set up the disk destination for your backups with BitLocker selected.  Therefore, it’s advisable to establish an approximate time-line for the encryption process based on the factors outlined above, and schedule it to go ahead at a time that will have minimal impact on your IT operations.  For example, overnight or over a weekend.

It is also worth considering the amount of data on the destination disk if you are using Windows Server 2012. If there is no data or it is a new disk, the encryption process will be very fast. And if you use an existing disk, removing data before encrypting it will save a lot of time.

Allow adequate time for your encryption process and run it at a time that suits your business, and you’ll have all the benefits of secure encrypted backups

To learn about encryption times, please view our encryption resource page.

Anything you’re still not sure about with BA and BitLocker?
Leave your question in the comments, tweet @BackupAssist or post to Facebook.
Share this article, because knowledge is power.

Leave a Comment

Share on email
Share on print
Share on facebook
Share on google
Share on twitter
Share on linkedin

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email. Join 1,874 other subscribers