Best Practice: Implementing a Full Disk Encryption on laptops

Posted on

Best Practice: Implementing a Full Disk Encryption on laptops – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.

But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about windows, encryption, best-practices, disk-encryption, .

We are thinking about using TruEncrypt full disk encryption to protect the data on our laptops (roughly 15-20 in the healthcare field – XP & Win7). And I was wonder about backups, and not per say the method or the use of a product like TruEncrypt.

Should all laptops be backup before the encryption?
And then backup after the encryption? (Clonezilla/Acronis)
I am worried about accessing the data if the laptop’s hd starts to fail or hd corruption … and will we be able to recover the data even with the encrypted hd dying. Is it possible to recover the data when hdd’s fail or get corrupted?

Backups with be encrypted.. and Recovery disks will get backed up too.

Solution :

I take it you are talking about the initial backup and imaging process? I would suggest backing up the data when the drives are unencrypted. It removes a layer of complexity. You would also want to encrypt each laptop separately, so they have a different salt/hash.

When doing subsequent backups, if necessary (i.e. for user documents, and such), do it from the OS, after it is unencrypted.

I’d say to back them up after encryption, to save time on having to reencrypt an entire laptop again after a failure (although this doesn’t seem that it would be a frequent scenario). An argument could be made for backing them up before encryption to mitigate the risk of a lost key/password, but it depends on how you’re doing things. There would be no harm in backing them up before encryption, considering that your backups are encrypted regardless.

If you’re going to do regular, periodic image backups of each laptop, then backing up with encryption is your only option. It doesn’t seem very practical to unencrypt, back up, then reencrypt.

Encryption is done in blocks, so a bad sector will only corrupt a single encrypted block, leaving the rest of your data intact. Check the Truecrypt documentation to find out what their block size is; a bad sector would render an entire XXkb block of data unreadable, versus 512b for an unencrypted sector, but it’s not like a single bit corruption on an encrypted hard drive will render the entire thing unreadable.

Leave a Reply

Your email address will not be published. Required fields are marked *