Applied Users Forums

Hardware & Infrastructure => Hardware => Topic started by: Charlie Charbonneau on February 04, 2013, 01:14:26 PM

Title: Backup Device: Encryption?
Post by: Charlie Charbonneau on February 04, 2013, 01:14:26 PM
It has been recommended that our backup usb devices should be encrypted or contain hardware encryption instead of just an ordinary USB External drive.  So in researching, I have a few questions.  I'm not very familiar with solid state drives.  Are they better? will they work with Server 2008 backup?  Will a hardware encrypted drive work with 2008 Backup?  Anyone have anything inparticular that they're using to encrypt backup drives being taken off premesis?
Title: Re: Backup Device: Encryption?
Post by: Jeff Zylstra on February 04, 2013, 01:29:40 PM
Quote from: Charlie Charbonneau on February 04, 2013, 01:14:26 PM
It has been recommended that our backup usb devices should be encrypted or contain hardware encryption instead of just an ordinary USB External drive.  So in researching, I have a few questions.  I'm not very familiar with solid state drives.  Are they better? will they work with Server 2008 backup?  Will a hardware encrypted drive work with 2008 Backup?  Anyone have anything inparticular that they're using to encrypt backup drives being taken off premesis?

I'll show my ignorance, once again....  We use Acronis to back up, and I'm pretty sure that it uses encryption to backup to the primary drive, and then just copies that file to the USB drive for offsite redundancy.  Does your Seagate, Backup Exec, or other backup software use encryption already?  You may be doing it already, but not know it because you're always viewing the backups from within the backup software.  You may want to check it out and see if your software will do it.
Title: Re: Backup Device: Encryption?
Post by: Mark on February 04, 2013, 01:38:26 PM
We're on Backup Exec 2012.  Still backing up to tape, but yes, it does use encryption.

Charlie, if you don't want to shell out the bucks for something like Backup Exec, you could very likely work TrueCrypt into your nightly backup routine without much complication.
Title: Re: Backup Device: Encryption?
Post by: Jeff Golas on February 04, 2013, 03:24:23 PM
I've tried Truecrypt and it does work with little impact on performance. Basically you either set up a truecrypt container on the drive or set the drive itself, then configure the backup server to automount (or require a password up to you).
Title: Re: Backup Device: Encryption?
Post by: Mark on February 04, 2013, 03:27:56 PM
There you go, Charlie!  Free and "simple!"
Title: Re: Backup Device: Encryption?
Post by: Charlie Charbonneau on February 04, 2013, 03:53:50 PM
woot! will be looking into it!  Thanks folks!
Title: Re: Backup Device: Encryption?
Post by: Charlie Charbonneau on February 07, 2013, 04:03:31 PM
Ok, possibly found another free route and of course have more questions?  Windows 2008 comes with BitLocker Drive Encryption which also looks like it will do what I need and is built into what I already have.  Seems like a plus to me.  What I'm wondering is:  If I apply encryption to the root, data, and backup drives, will TAM and Exchange play well with it?
Title: Re: Backup Device: Encryption?
Post by: Mark on February 07, 2013, 04:05:08 PM
oooh... I can't answer that, but I'm going to ask why don't you just encrypt the backup drive.

Why don't you just encrypt the backup drive?  I would think encrypting anything else could impact performance.
Title: Re: Backup Device: Encryption?
Post by: Charlie Charbonneau on February 07, 2013, 04:08:38 PM
I'm sure I could, but God forbid if someone walks off with the server and it's been left unencrypted have I done my due diligence to protect confidential data?  What's good enough?
Title: Re: Backup Device: Encryption?
Post by: Mark on February 07, 2013, 04:10:06 PM
Quote from: Charlie Charbonneau on February 07, 2013, 04:08:38 PM
What's good enough?

Self destructing servers.

Hey -- you opened the can!  :P
Title: Re: Backup Device: Encryption?
Post by: Conan_Ward on February 07, 2013, 04:24:29 PM
To the best of my knowledge TAM will not like working on an encrypted drive (or may just not work entirely).
Title: Re: Backup Device: Encryption?
Post by: Billy Welsh on February 07, 2013, 04:29:04 PM
Quote from: Charlie Charbonneau on February 07, 2013, 04:08:38 PM
I'm sure I could, but God forbid if someone walks off with the server and it's been left unencrypted have I done my due diligence to protect confidential data?  What's good enough?

Is your server physically secure?  I would think that is sufficient due diligence.
Title: Re: Backup Device: Encryption?
Post by: Charlie Charbonneau on February 07, 2013, 04:48:59 PM
It sits on a table in my office.  As of today, the door will be locked when I'm not inhouse. There is no window access, but that can be bypassed via the drop ceiling from the next office if someone were really determined.  Suite is alarmed and building is alarmed.   Good enough?
Title: Re: Backup Device: Encryption?
Post by: Mark on February 07, 2013, 04:51:19 PM
Hang some barbed wire in the drop ceiling right above your wall, and put vaseline anywhere someone might be able to grab hold of the server.

I think that could cover it.  ;)
Title: Re: Backup Device: Encryption?
Post by: Charlie Charbonneau on February 07, 2013, 04:52:27 PM
I'll have to see if I can get my buddy Achmed in to do some customizations...
Title: Re: Backup Device: Encryption?
Post by: Billy Welsh on February 07, 2013, 04:57:29 PM
I am no attorney or bureaucrat, but that seems like enough to me.  Ours is behind a locked door, but locks are for honest people.  Also have a suspended ceiling.

Even with encryption, if the thief really wants the data I suspect he can get it.
Title: Re: Backup Device: Encryption?
Post by: Jason@KiteTech on February 09, 2013, 11:45:09 AM
Some states are requiring that you encrypt data at rest.  Most are simply requiring that you document your best efforts.  Since TAM doesn't support drive level encryption, you can document that and be fine.  Just make sure your physical safeguards are decent (locked room, locked cabinet, locked faceplate, etc.) to preven the server from walking.  I'd throw in recoded surveillance just for good measure.

With regards to encrypting a backup drive:  My concern would be from a bare metal recovery scenario.  If your encryption is within the backup product (such as Acronis) then you don't have to worry about creating an environment to be able to access the data before continuing.
Title: Re: Backup Device: Encryption?
Post by: Mark on February 11, 2013, 09:45:17 AM
Quote from: Jason@KiteTech on February 09, 2013, 11:45:09 AM
With regards to encrypting a backup drive:  My concern would be from a bare metal recovery scenario.  If your encryption is within the backup product (such as Acronis) then you don't have to worry about creating an environment to be able to access the data before continuing.

That's why I liked the TrueCrypt idea.  Not a big deal do download as needed.
Title: Re: Backup Device: Encryption?
Post by: Jim Jensen on August 01, 2019, 04:35:01 PM
Dredging up an old post, but it's still a relevant topic - is this still the case for Tam 2017 & 2018? 6 years is a long time in the software world, though not in TAM-land.

Quote from: Conan_Ward on February 07, 2013, 04:24:29 PM
To the best of my knowledge TAM will not like working on an encrypted drive (or may just not work entirely).
Title: Re: Backup Device: Encryption?
Post by: Jeff Golas on August 05, 2019, 05:57:46 PM
Really shouldn't matter, although now you're better off using Bitlocker or the like. Once the device is "mounted" (decrypted) it should operate like any other device.

Quote from: Jim Jensen on August 01, 2019, 04:35:01 PM
Dredging up an old post, but it's still a relevant topic - is this still the case for Tam 2017 & 2018? 6 years is a long time in the software world, though not in TAM-land.

Quote from: Conan_Ward on February 07, 2013, 04:24:29 PM
To the best of my knowledge TAM will not like working on an encrypted drive (or may just not work entirely).
Title: Re: Backup Device: Encryption?
Post by: Tom Fisher on August 06, 2019, 12:44:39 AM
As Jeff mentioned .. if you use Bitlocker no program should know the difference.