Does Encryption Complicate Things?
 Data Security and Data Loss - What Happens Next?
Encryption continues to be the topic on every CIO and IT person’s lips nowadays. No one wants to end up in the news as the next victim of a privacy breach or the next company that didn’t protect its customers’ information. If you conduct a news search using the words “personal data breach,” you’ll be alarmed at the number of instances where personal information such as social security and credit-card numbers have been exposed to possible theft. In a recent breach, a state government site allowed access to hundreds of thousands of records, including names, addresses, social security numbers and documents with signatures.

Whether it’s government agencies, research facilities, banking institutions, credit card processing companies, hospitals, or your company’s computers, the risk of compromising private information is very high. At the recent “CEO-CIO Symposium,” speaker Erik Phelps from the law firm Michael Best & Friedrich described the relationship business has with technology. In his presentation, he stated that since “business relies so heavily on technology today, business risk becomes technology dependent.” The possibility of litigation is part of business. It has always been a risk of doing business, but because technology and today’s business are so intertwined, business risk has a higher threat level. This has prompted many to encrypt workstations and mobile computers in order to protect critical business data.

If you have rolled out encryption, how do you maintain your IT service quality when the hard disk drive fails? How do you plan and prepare for a data loss when the user’s computer is encrypted? These are all issues that should be considered when putting together a data disaster plan. In addition, data recovery, one of the more common missing elements of a disaster recovery plan, should also be factored in because it can serve as the “Hail Mary” attempt when all other options have been exhausted.
Data Recovery and Encryption
Business continuity and disaster planning are critical for businesses regardless of their size. Most archive and backup software has key features to restore user files, database stores and point-in-time snapshots of users’ files. Software is becoming more automated so users don’t have to manually back up their files. Some computer manufacturers have built-in backup systems that include dedicated hard disk drives for archive storage. Most external USB hard disk drives have some sort of third-party software that provides data archiving during a trial time period. Such solutions, while solving the data backup need, create questions regarding how effective the systems are with respect to user data. What are your options when a user’s computer has a data disaster and the hard disk drive is fully encrypted?

Most IT security policies require a multi-pronged approach to data security. For example, when setting up a new computer for a user, the IT department will require a BIOS (Basic Input/Output System) password for the system before the computer will start. BIOS password security varies in functionality. Some are computer system specific, meaning that the computer will not start without the proper password. Other BIOS passwords are hard disk drive specific, meaning that the hard drive will not be accessible without the proper password. Some computer BIOS employ one password for access control to the system and the hard disk drive. To add a second level of protection, new IT security policies require full hard disk drive encryption. The most common full hard disk encryption software operates as a memory-resident program. When the computer starts up, the encryption software is loaded before the operating system starts and a pass-phrase or password prompt is required. After a successful login from the user, the software decrypts the hard disk drive sectors in memory, as they are needed. The process is reversed when writing to the hard disk drive. This leaves the hard disk drive in a constant state of encryption. The operating system and program applications function normally, without having to be aware of any encryption software.
The Recovery Process
Recovering from hard disk drives that are encrypted follows the same handling procedures as all other magnetic media. A strict process of handling and documentation starts right at the shipping door upon drive receipt and ends when the drive is shipped back to the customer. In most cases, when working with a top data recovery provider, all recovery processes are logged. This results in an audit trail of the recovery history and serves as verification that the recovery was conducted in a secure, compliant manner.

Specifically, you want to ensure the process consists of the following high-level steps:

1. Triage drive; determine faults without opening drive
2. Clean room escalation for physical or electronic damage
3. Secure original media
4. Sector-by-sector copy of drive data
5. User Key used to decrypt data
6. Produce file listing of user file names
7. Repair file system
8. Prepare data for delivery
9. Encryption options for data delivery

After the first four stages listed above, the recovery engineer will begin to map all key file system structures that point to the user files. However, if the hard disk drive is encrypted, then the drive needs to be decrypted in order to proceed.
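The sector-by-sector copy step and the logged audit trail described above, sketched as an added example that is not from the original article or from any recovery vendor's tooling. The names `image_sectors`, `FlakyDisk` and `demo`, the 512-byte sector size and the case identifier are assumptions made for illustration.

```python
import hashlib
import io

SECTOR_SIZE = 512  # assumed; many modern drives use 4096-byte sectors

def image_sectors(src, dst, sector_count, case_id):
    """Copy src to dst sector by sector; return an audit record.

    Unreadable sectors are zero-filled so later sectors keep their offsets.
    The payload is never interpreted, so ciphertext is copied unchanged.
    """
    digest, bad = hashlib.sha256(), []
    for lba in range(sector_count):
        try:
            src.seek(lba * SECTOR_SIZE)
            data = src.read(SECTOR_SIZE)
            if len(data) != SECTOR_SIZE:
                raise OSError("short read")
        except OSError:
            data = b"\x00" * SECTOR_SIZE
            bad.append(lba)  # recorded for the audit trail
        dst.write(data)
        digest.update(data)
    return {"case_id": case_id, "sectors_imaged": sector_count,
            "bad_sectors": bad, "image_sha256": digest.hexdigest()}

class FlakyDisk(io.BytesIO):
    """Constructed stand-in for a failing drive: listed sectors raise on read."""
    def __init__(self, data, bad_sectors):
        super().__init__(data)
        self.bad_sectors = set(bad_sectors)

    def read(self, size=-1):
        if self.tell() // SECTOR_SIZE in self.bad_sectors:
            raise OSError("unrecoverable read error")
        return super().read(size)

def demo():
    # Constructed sample: 8 sectors of random-looking bytes, sector 3 unreadable.
    raw = b"".join(hashlib.sha256(bytes([i])).digest() * 16 for i in range(8))
    image = io.BytesIO()
    record = image_sectors(FlakyDisk(raw, {3}), image, 8, "CASE-EXAMPLE")
    return raw, image.getvalue(), record

if __name__ == "__main__":
    print(demo()[2])
```

Because the copy works below the encryption layer, the same image and hash can be produced whether or not the recovery lab is ever given a key.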
Decryption
If this is the case, a user key or decryption password is required. Fortunately, encryption software has come a long way over the years. Instead of using a master password for decryption, most professional encryption software provides a technician-level pass-phrase that changes on a daily basis. This protects the user’s password and the organization’s master password.
 
Many organizations are comfortable providing these one-time use pass-phrases so that the recovery work can continue. However, this is not always the case. For some organizations, providing this information to an outside vendor, such as a data recovery provider, is against their security policy. In these situations, a successful recovery is still possible. There are data recovery vendors that can perform recoveries while leaving the data in its encrypted form throughout the entire process. In this case, the data will be recovered and sent back to the client in its encrypted form; however, the specific results will be unknown until the files are opened by someone with access to the encryption key. Ultimately, this limits the ability for a data recovery provider to communicate the success of the recovery until the recovered data is delivered and opened, thereby placing some burden back on the customer.

As a result, it is clear that significant time and cost savings are associated with allowing your data recovery vendor to access your one-time use pass-phrase codes while attempting to recover your encrypted data. At the same time, it’s critical to ensure that your selected vendor also understands security protocols, is knowledgeable about encryption products and has privacy policies in place.
Resuming Recovery
Following the recovery, preparation for delivering the data begins. Since the original hard disk drive was encrypted, safely securing the recovered data is highly important. The recovered data is backed up to the media choice of the user and is re-encrypted. The new decryption key is communicated verbally to the user; email should not be used, as this could be a security risk. Some leading-edge data recovery companies are able to deliver recovered data back to the customer in an encrypted format on external USB/Firewire hard disk drives. From the start of the recovery to the final delivery, data should be secure throughout the entire process.
Data Recovery Vendor Considerations
When looking for a data recovery provider, it’s important to ensure that the one selected can handle not only the various types of media, but also understands the data security regulations of today’s organizations. For example, encrypted data requires special data handling processes, from the clean room to the technically advanced recovery lab. This isolation ensures no one person has complete access to the media throughout the recovery process, thereby providing security while maintaining recovery continuity and quality.

Additionally, it is important to note that some data recovery companies have been cleared for security projects and services for U.S. government agencies. As a result, these companies implement data privacy controls that are based on the U.S. government’s Electronic Defense Security Services requirements for civilian companies that are under contract for security clearance projects or services.

Unfortunately, most data loss victims only consider data recovery right after they have experienced a data loss and are scrambling for a solution. Emotions run high at this point.