How Encryption Complicates Data Recovery

Sep 1, 2007 12:00 PM, BY SEAN BARRY

The encryption of workstations and mobile computers is becoming more common in order to protect critical business data. But how do you maintain your IT service quality when the hard disk drive fails? How do you plan and prepare for a data loss when the user's computer is encrypted? These are all issues that should be considered when putting together a data disaster plan. In addition, data recovery, one of the more common missing elements of a disaster recovery plan, should also be factored in because it can serve as the “Hail Mary” attempt when all other options have been exhausted.

Professional data recovery vendors have a very detailed process for data recovery. Recovering from hard disk drives that are encrypted follows the same handling procedures as all other magnetic media. A strict process of handling and documentation starts right at the shipping door upon drive receipt and ends when the drive is shipped back to the customer. In most cases, when working with a top data recovery provider, all recovery processes are logged. This results in an audit trail of the recovery history and serves as verification that the recovery was conducted in a secure, compliant manner.

If the hard disk drive is encrypted, a user key or decryption password is required. Fortunately, encryption software has come a long way. Instead of using a master password for decryption, most professional encryption software provides a technician level pass-phrase that changes on a daily basis. This protects the user's password and the organization's master password. If providing these one-time use pass-phrases to an outside vendor is against a company's security policy, a successful recovery is still possible.

There are data recovery vendors that can perform recoveries while leaving the data in its encrypted form throughout the entire process. In this case, the specific results will be unknown until the files are opened by someone with access to the encryption key.

While significant time and cost-savings are associated with allowing your data recovery vendor to access your one-time use pass-phrase codes, it's critical to ensure that the selected vendor understands security protocols, is knowledgeable about encryption products and has privacy policies in place.

Following the recovery, preparation for delivering the data begins. Safely securing the recovered data is highly important. The recovered data is backed up to the user's media of choice and is re-encrypted. The new decryption key is communicated verbally to the user; e-mail should not be used, as this could be a security risk. Some leading-edge data recovery companies are able to deliver recovered data back to the customer in an encrypted format on external USB/Firewire hard disk drives.

It's important that the data recovery provider can handle various types of media and understands the data security regulations of today's organizations. Encrypted data requires special data handling processes — from the clean room to the technologically-advanced recovery lab. This isolation ensures no one person has complete access to the media throughout the recovery process.

Unfortunately, most data loss victims only consider data recovery right after they have experienced a data loss and are scrambling for a solution. Emotions run high at this point. The fallout is sometimes crippling, with the IT staff working around the clock to get the computer systems back to normal. It is not the time to think about what makes a good data recovery vendor. Incorporating this decision into your business continuity planning is best done in advance. Some key questions to ask are:

• Do you have a relationship with a preferred data recovery vendor?

• What should you look for when reviewing data recovery companies?

• Do you include data recovery in your disaster and business continuity planning?

• Do you have a plan for how to handle data loss of encrypted data?

• Do appropriate people have access to the encryption keys to speed up the recovery process?

Additionally, find out the techniques and recovery tools the providers use. Ask the companies how large their software development staff is. Inquire about how they handle custom development for unique data files.

While these details may not seem important at first, they can be the decisive factors that determine whether your data recovery experience is a positive and successful endeavor.

---

Sean Barry has 10 years of experience in the data recovery industry and currently serves as the remote data recovery manager of North America at Kroll Ontrack, a provider of data recovery products and services worldwide.

Want to use this article? Click here for options!
© 2012 Penton Media Inc.

This month in Access Control

• Targeting The Customer
• Electronic Pedigrees
• One Hero Among Many
• Who? What? When? Where? Why?
• More from September's issue