Member Avatar for Geekitygeek

Hi,

I have tried googling and searching for this but just find endless information about why software/hardware based encryption is the better option; what I need to know is whether there are any problems using BOTH.

We want our offsite backups have to be as secure as possible. We previously used backup software that 256bit encrypted the output files. These were written to external drives with 256bit hardware encryption so we had 2 layers of protection for the data.

Due to changes in our server configuration we are looking to use the built in windows server backup, but this does not include an option for encryption. As such, I am looking into using Bitlocker (or some other software based solution) to replace the file based encryption we previously had.

Is there any reason we SHOULDN'T run a software based disk encryption on a hardware encrypted disk? I know performance will be impacted, and we will have an extra hoop to jump through when we want to restore the data, but are there any reasons that this setup won't work or shouldn't be used?

  • 2 Contributors
  • 2 Replies
  • 402 Views
  • 6 Days Discussion Span
  • Latest Post Latest Post by Geekitygeek
Member Avatar for rubberman

If your disc is hardware encrypted, you do not want to use software encrypting in addition. First, it will seriously impact performance. Second, you now will have two sets of keys to manage. All in all, it won't make your data any more secure. It is more important to encrypt it when transferring from one computer to the backup system so the data is not in the plain during the transfer. Also, you can compress the data before sending it (I am assuming you will be using a secure/encrypted connection, tunnel or whathaveyou), and transfer the encrypted compressed files, then when it gets to the backup server, you can either leave them in a compressed form (less disc space usage) or decompress them if you need them back in their native format.

Edited by rubberman
Member Avatar for Geekitygeek

I'm sorry, I'm a little confused. You say not to use software compression, but then you talk about the "encrypted compressed files". Windows backup doesn't allow for encyption when you create the files, so surely I would need to use software to encryt and compress them?
The drive is a USB enclosure with hardware encryption; the data will be written direct to the attached USB device, so no connection/tunnel.
I appreciate that 2 levels of encryption will mean a slower read/write performance and 2 sets of keys; this is something we already manage as the backup software we used previously had its own encryption key (speerate from the drives key). But I thought 2 levels of encryption, with 2 different keys, would be twice as secure as a single level of encryption with a single key to break, no?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.