The good and the bad of encryption


There have been many mentions of encryption in the news over the past year or so, primarily in connection with stories about ransomware viruses such as CryptoLocker and GameOver Zeus.

The idea that criminals can hijack your computer content and use encryption to hold your data to ransom is worrying, but there is another, positive side to the technology that rarely gets mentioned.

To recognise how encryption can help businesses, we need to understand exactly what is meant by the term. Encryption involves encoding data so that only people with the right “key” – a decryption algorithm – can decode and access the data. Long used by military forces and governments, it doesn’t stop people from accessing data, but it can stop them from reading and making sense of it.

Encryption is becoming an increasingly common tool among businesses that want to protect their most sensitive files. It is also popular as a way of securing content stored on external drives and portable devices such as laptops, tablets and mobile phones, all of which are more susceptible to loss or damage.

Better security but more difficult to recover

There are two main approaches to the encryption of business data. The first involves software solutions such as Microsoft BitLocker, Check Point PointSec and McAfee Safeboot. With these tools, the user is in charge of the decryption key.

The alternative is to use hardware-encrypted drives such as Secure Encrypted Drives (SED) or Full Disk Encryption (FDE), where the key is built into the device.

While encryption adds a layer of protection to data, it can also increase the complexity of data recovery following a system failure. This is particularly so with hardware-encrypted drives: if the drive becomes corrupted or malfunctions due to physical, logical or electrical issues, the key is essentially “locked” in the drive. The only way to gain access to the data is to engage data recovery engineers to bypass the failure, get the drive working, and then decrypt the data as part of their reading of the drive.

Building a better mouse trap

All of this takes time, however, and few companies are willing to wait for a week or more before regaining access to their data.

At Kroll Ontrack, the number of recovery projects involving encrypted hard drives has more than doubled since 2009. With demand continuing to rise, data recovery companies have been focusing their research on ways to reduce the amount of time required for recovery of encrypted drives with a logical or physical failure.

Earlier this year, Kroll Ontrack’s investment in this area paid off with the development of a new decryption technology that allows engineers to target only areas of the hard drive that have been used while also accelerating the decryption process. By removing the need to image unused portions of the drive, decryption becomes much faster, allowing work to begin on recovery within a matter of hours.

The technology can be used to assist companies that have suffered equipment or media failure. Because of the improvement it brings to recovery times, the technology effectively removes one of the biggest hindrances to encryption adoption. As a result of this, we expect the practice of data encryption will increase further in the coming years.

A final word

It is worth pointing out that if you do use encryption and your drive fails, recovery involves exactly the same steps as for any other media. Don’t mess around once you’ve noticed the problem. Get the drive to a data recovery centre so that qualified engineers can assess it. Choose a centre with a cleanroom environment, where the drive can be safely worked on. The engineers will then image the drive data and secure the original media before decrypting the data. Finally, after repairing the file system, they will prepare and encrypt the data, ready for delivery.

All in a much faster time frame than was possible just a few months ago.