The Datto Node - A Blog for MSPs, VARs and the Channel

Encrypting Data in Windows, Mac and Linux

Tweet

 

At Datto, we are frequently asked by our partners, "What is the most efficient way that one can go about encrypting data?" Datto provides encryption of backed up data starting from the moment backup data leaves the local network all the way until it reaches the data's destination in the physical layer of our SAS 70 Type II Data Centers. Having the encryption performed as close as possible to the source (at the OSI Model's presentation layer) provides the highest level of security. 

Enter TrueCrypt

In my search for the most efficient cryptosystem for end users, I discovered an amazing open-source program called TrueCrypt that I felt needed some praise. After some testing, I immediately fell in love with its user friendly interface and feature set. TrueCrypt provides encryption for Windows, Mac, & Linux Operating Systems. This is a major bonus for users like myself who frequently bounce between Operating Systems. One of the cool things about this software is its ability to offer various levels of encryption which may be performed at either the file, partition, or disk level. TrueCrypt can even encrypt the disk where the Operating System itself is installed and actively running.

Extra Protection

Another very attractive feature of TrueCrypt is that of plausible deniability. In the event that the user is forced into providing the encryption key for a TrueCrypt data-set, a second key can be provided that will simply show random data. This random data can be easily explained by claiming that the data had been previously wiped in a secure manner. TrueCrypt's plausible deniability system achieves this for data at the partition or disk level.  This can be done for the file level as well, however it would be hard to explain why a file contains random data while attempting plausible deniability.

Solid Performance

With newer PC's that use multi-core processors, encryption is automatically applied in a transparent state as quickly as if the drive was not encrypted. In my initial test of this software, I encrypted a Windows 7 VM containing 4 CPU Cores at the disk level. I found no performance loss for the VM and CPU/Memory resources appeared to be abundunant in Windows Task Manager. Theoretically, if I were to encounter any performance loss (such as on an older system) I could simply select "Permanently Decrypt" the drive and completely absolve myself from TrueCrypt.

On TrueCrypt's website, you can find extensive documentation, a beginner's tutuorial, a user forum, and FAQ which I found to be extremely well produced and very helpful.  According to their site, since TrueCrypt was first released with version 1.0 in 2004, it has been downloaded nearly 22 million times.

If you have an interest in encryption software for multiple operating systems, give TrueCrypt a try, and feel free to let us know what you think of it in our comments section!

Ed Tella is Documentation Manager at Datto, Inc

Questions? Comments? Send them to blog@dattobackup.com.