Backup and Hard Drive Encryption

[Old Bear]

Does anyone have a compatible coupling of hard drive encryption and on-line backup?

With GDPR I’m looking at using hard drive encryption on my pc. However, I’m struggling to find a backup system that supports working with encrypted hard drives. Can anyone recommend proven couplings (with bonus brownie-points for compatible AV, or AV+encryption, advice - thinking rootkit and off-line scans)?

 

[Kixo]

i think you may need to think a little differently about encryption - the disk is encrypted, but depending on how you encrypt depends the desination being encrypted. Example, if you encrypt a file with a 3rd part program, its encrypted no matter what, however if you use windows bitlocker, soon as you copy the file off - it wont be encrypted. Pretty much all harddrives can be encrypted and will work with software, however its all in the setup - you dont need specific drives.

also same with online, the transfer will be encrypted but to be extra safe you may choose to encrypt before transfer. you can go a little crazy on this.

GDPR isnt the same as encryption, and encryption isnt the same as authentication.

Could you tell me a bit more about your setup, e.g. servers? or laptops, or desktops, do you use portable USB drives or thumb drives?

Cloudberry is amazing backup software, Azure and Amazon web Services are great, and so is bitlocker built into windows professional - AV i'm not a huge fan of as providers can take your files and them to the provider for extra scanning - that in itself would be very bad for GDPR. My suggestions is built in windows defender, or its big brother system center endpoint. the big AV providers are having a bad time, especially ones like kaspersky being banned by american governments, the UK also has same feelings https://www.theregister.co.uk/2017/12/03/uk_government_bans_russian_anti_virus_software/

If you can tell me a bit more about your setup i can suggest a bit clearer details maybe?

 

[Old Bear]

Yes encryption is not GDPR, any more than a brick is a wall, however encryption is a good practice which can be adopted to keep customers data safe, and as such is part of a GDPR strategy.

Small office environment, single pc and a couple of laptops; no server. Encryption is to be used to protect information in case of device loss or theft. USB sticks are used, but are being phased out for data.

User data backups are to cloud, but I have been told by some providers they don't support running on an encrypted machine {previously my understanding was the encryption software was running at a lower level, and would not be seen by backup software; however if the backup is looking for only the changed parts of a file, then this could be masked by encryption software(?)} .

A very good point about AV's automatically forwarding infected files for analysis, fortunately most reputable AV's allow this option to be turned off - any product which doesn't should definitely be avoided. The juxtaposition with AVs is with boot time scans - root kits, low level, and off line scans - this give the opportunity to clash with encryption software which also runs at low level?

 

[Kixo]

Lot of people keep asking us if encrypting something means they are then GDPR compliant..... you can tell my response

i can 100% confirm, Microsoft Bitlocker for drive encryption, with system center AV, Cloudberry backup software to Azure/Amazon is encrypted the entire way and works so smoothly i've never thought about it! There are different solutions for usb thumb drives.... you can use windows bitlocker on external drives if needed. Make sure and backup keys because if your computer goes - you loose everything apart from cloudberry backups!

We use that setup for small 1-3 users right up to 300+ users in multinational company. Its not the cheapest method but its also not expensive for the security it goes you.

 

[ffox]

Small office environment, single pc and a couple of laptops; no server. Encryption is to be used to protect information in case of device loss or theft. USB sticks are used, but are being phased out for data.

For what it's worth, you are looking at this from the wrong direction. The setup you have is ideal for G-Suite or Office 365. Both support encrypted HDD on local machines and both encrypt data at rest in the cloud.

Here's a resume of Office 365 encryption -
https://support.office.com/en-us/ar...t-Online-6501B5EF-6BF7-43DF-B60D-F65781847D6C

On top of that most Office 365 plans deliver full data governance and mobile device management through the admin control panel.

Office 365 with SharePoint is also a full Enterprise Content Management system and Electronic Document Management system straight out-of-the-box. This covers most of the needs of any SME GDPR requirement. All you need to do is write up the policies and configure the level of protection.

Hope this helps

 

[Russ Michaels]

I think you probably need to read up on GDPR a bit more. Here is a simple checklist that might help.



Use Windows built in bitlocker for encryption, then the OS is dealing with the encryption/decryption of files, so any AV or backup software should work just fine.

For CyberSecurity I use BitDefender Internet Security for myself and BitDefender GravityZone


For Backup I use 3 x solutions
1. for clients who want a managed solution, I provide this through Solarwinds
2. For clients who want a DIY onsite and offsite cloud backup, I suggest Acronis
3. For clients who just want a cheap onsite backup solution, Easus TODO Backup