When fully encrypted disks go bad
GCN Quickfind No. 859
- By David Cassel
- Oct 19, 2007
So what happens when your fully encrypted disk breaks down? Don't look towards your standard recovery tools.
"A damaged drive cannot be booted and recovered with conventional recovery tools; you'll need a special boot disk supplied by the manufacturer," said John Girard, a vice president and distinguished analyst at Gartner.
It's a small but important reminder not to underestimate the commitment you make when you implement a full-disk encryption system. "When you implement full-disk encryption, all the procedures you follow as an organization for technical support and disk recovery have to change completely," Girard said. "If there's a problem, you can't start the operating system. You can't use normal disk recovery on the system."
It's not a deal-breaker, Girard adds, but it is something to be aware of. "It just changes the way you do it. You can't do forensics and other things on the drive until you unlock it, and you can't do that until you boot it with a proprietary system. If the disk is really damaged, you'll have trouble getting in."
This is why, with full-disk encryption, regular backups are more important than ever.
"What I recommend to people is at the same time you put in any encryption product, full disk or not, it's a good time to go look at your backup strategy," Girard said. "If your systems are being backed up on a regular basis to a secure backup system, there's a lot less pressure on you to recover a damaged drive. And you can get them a working system a lot faster."