Encryption: Can good intentions go bad?

With high profile news from Snowden to Google, Facebook to WhatsApp, and even Apple and the FBI, encryption seems to be the new buzzword but it is not all good news for everyone rushing out to encrypt their data.

Following the sensational revelations of Edward Snowden in 2013, giants of the IT industry including Google and Facebook and most recently WhatsApp have reportedly tightened up their use of encryption significantly, to prevent apparently easy access to data on their platforms by hackers as well as security services.

Corporations turn to encryption

Corporations have also increased their use of encryption. A recent report from Dell found that the amount of encrypted traffic travelling through corporate firewalls had doubled over the previous 12 months and now accounts for almost two thirds (65 per cent) of all communications.

The use of complete encryption solutions such as BitLocker or the native Windows Encrypting File System (EFS) booms at the mere mention of an eavesdropping scandal, cyberattack or data breach. It’s not just IT professionals who are choosing to encrypt corporate data but also home and small business users who wish to protect data from unauthorised access.

Encryption is one of the most common methods of protecting data on a personal and a corporate scale. There are numerous software programs and hardware tools that can be used to do this and in the past year we have seen a big increase in the quantity of encrypted media for recovery, not only from home users but also from large businesses too.

It has become clear that many people who encrypt their data don’t think about the risks that come with it, including the possibility that the software or hardware can fail: however it is not uncommon for the encryption process to go wrong and for the data to become irretrievable.

So can data be ‘too safe’ from a data recovery point-of-view?

The answer is yes. Especially when you consider the complexities of recovering data from encrypted media where either the software has failed, or users are unable to provide the necessary passwords for recovery.

Encryption as a tool is designed to be a friend to organisations and individuals doing their best to safeguard their information, but it can introduce potential problems that users may not be aware of until it is too late.

Data encryption often gives users a false sense of security but can prove to be an insurmountable challenge after a data loss.

There are a number of solutions on the market but what they all have in common is that they rely on decryption keys that are set up to protect particular files or data. If a loss of data occurs, it is imperative that the corresponding decryption key is present. In order to successfully decrypt recovered data, the associated decryption key must of course be available.

With some hardware-based encryption schemes the decryption key (or a part of it) is often found in the drive electronics, on the media itself or a combination of both. Sometimes the host system itself contains information stored within its hardware that is critical to recovering the data decryption key. If the controller is damaged the data can no longer be decrypted and data recovery companies will require a key that can only be provided by the manufacturer.

It’s not sensible for individuals or corporations to avoid encryption, since data does need to be protected. What individuals and corporations must do though is encrypt data with full knowledge of the process, and do so intelligently, taking into account the pros and the cons and picking the right solution for them and their data.

When considering how to manage safe data encryption, we recommend following these simple steps:

  • If deploying a software encryption product, choose a one that is well used, tested and proven to be successful
  • When selecting a password to protect your home or corporate system, use one that is memorable to you but difficult for third parties to guess – your DOB, 12345, or password are common but very bad choices . Longer passwords with a combination of numbers, caps and symbols are better options
  • Think about what actually needs to be encrypted rather than encrypting everything automatically: personal photos may be important to you but they don’t really have to be protected with complex encryption software
  • Maintain a rigorous back-up schedule so that data is always recoverable and test your restore and decryption process frequently to a different drive than the original drive
  • Keep copies of credentials (username, passwords) locked away physically in a secure place (e.g. a safe)
  • When installing encryption software for the first time always choose the option to create a recovery key or recovery disk and keep this locked away in a secure place as a data recovery engineer will almost certainly need it
  • Remember that saving, storing, copying, moving, or backing up data on several partitions does not prevent the drive from data loss. If a drive is corrupt, several partitions can be affected simultaneously

Robin England, Senior Research and Development Engineer at Kroll Ontrack

Image Credit: Maksim Kabakou / Shutterstock