Encryption and Disk Imaging - Part I
Encryption can be a transformative and disruptive technology. It can transform otherwise perfectly good data into something completely unreadable, potentially disrupting typical enterprise systems such as data leak prevention, disk imaging, help desk operations, and data recovery.
Often, ensuring that these systems work well with encryption products requires collaboration between PGP® Corporation and our partners. Internally we refer to the combination of these partners and our customers as the "PGP Ecosystem". An excellent example of how the ecosystem is addressing one of these thorny issues is disk imaging.
Over the years, imaging has grown from a rarely used, fairly obscure IT time saver to a critical component of an enterprise (or individual) backup and deployment strategy. But how does a PGP Whole Disk Encryption (WDE) deployment affect this strategy? What happens when an encrypted disk gets imaged? What happens when it is restored? What are the risks?
While this isn't the place for a detailed overview of the topic, for the sake of discussion, I'll summarize it this way: disk imaging tools clone an entire hard disk, bit-for-bit, to a different location. This location could be an external disk, a network drive, or even a system recovery partition on the same physical disk. In general, there are two uses for disk imaging: system deployment and backup.
Deployment: Someone (say, the IT staff or Desktop Support team) creates a "golden image" of a corporate standard build. The OS is installed and configured, apps are licensed, and security settings are applied. This image then gets copied to new machines, bringing up new systems quickly and without hassle.
Backup: Someone (say, a normal user or an automated process set up by IT) runs an imaging program on an existing disk. The cloned data now acts as a perfect backup – in case of disk failure, the user can be brought back up quickly and have even the most subtle changes fully intact. In some cases, the user can just boot directly to the external drive and be brought back up immediately.
I'll cover the deployment case in a future blog, as there are some thorny technical issues worth mentioning separately. But in the backup case, how does full disk encryption impact disk imaging? If you're running PGP Whole Disk Encryption on a drive, it's probably because it contains sensitive information or you're subject to a corporate policy requiring your drive to be encrypted. Unfortunately, one of the greatest strengths of PGP WDE, its transparency, ends up being a bit of a problem for backup images. Why? Any time data is read from an encrypted disk (such as by an imaging program) it gets decrypted into memory automatically. When the imaging application writes the data out to a new location, it writes the unencrypted data, not the encrypted data. This leaves you with an unencrypted backup of an encrypted disk.
Sadly, since this unencrypted backup may be an external drive that slips easily into a pocket, it may actually be more vulnerable to theft than the laptop itself. Additionally, if you need to do a "bare metal" restore onto a blank disk or new machine, the resulting system would need to be re-encrypted. Historically, the only way to address this would be to perform the backup outside of the operating system: since the PGP WDE driver never gets loaded, it can't dynamically decrypt the data when it's read from disk. However, asking a user to reboot their machine, insert a special backup disk, do a backup, then reboot again to load the operating system… Let's just say that only the most dedicated followers of IT policy will be doing backups.
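The backup problem described above can be checked for after the fact: a raw image written through the transparent decryption layer contains readable file system structures, while an image of the encrypted sectors looks like random data. The following Python check is an added example, not code from the original post or from PGP; the function names, the 4096-byte chunk size, the thresholds and the two sample images are assumptions constructed for illustration.

```python
import hashlib
import io
import math
from collections import Counter

SECTOR, CHUNK = 512, 4096
# OEM IDs found at offset 3 of a plaintext NTFS / exFAT boot sector.
FS_MARKERS = {b"NTFS    ": "NTFS", b"EXFAT   ": "exFAT"}

def shannon_entropy(chunk: bytes) -> float:
    """Bits per byte; ciphertext sits near 8.0, file system structures far lower."""
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values()) if n else 0.0

def assess_image(stream, threshold=7.5, max_low_ratio=0.05):
    """Scan a raw image; thresholds are assumptions, tune them for your tooling."""
    markers, low, total = set(), 0, 0
    while chunk := stream.read(CHUNK):
        total += 1
        if shannon_entropy(chunk) < threshold:
            low += 1
        for off in range(0, len(chunk), SECTOR):
            name = FS_MARKERS.get(chunk[off + 3:off + 11])
            if name:
                markers.add(name)
    ratio = low / total if total else 0.0
    # A small low-entropy share is tolerated for an unencrypted boot area.
    return {"fs_markers": sorted(markers), "low_entropy_ratio": ratio,
            "looks_plaintext": bool(markers) or ratio > max_low_ratio}

def constructed_samples():
    """Two constructed 1 MiB images: one plaintext-like, one ciphertext-like."""
    boot = b"\xebR\x90NTFS    " + b"\x00" * 499 + b"\x55\xaa"
    plain = (b"\x00" * SECTOR * 8 + boot + b"Quarterly payroll export\r\n" * 41000)[:1 << 20]
    # SHA-256 in counter mode stands in for encrypted sectors (deterministic).
    cipher = b"".join(hashlib.sha256(i.to_bytes(8, "big")).digest() for i in range(1 << 15))
    return plain, cipher

if __name__ == "__main__":
    for label, image in zip(("plaintext-like", "ciphertext-like"), constructed_samples()):
        print(label, assess_image(io.BytesIO(image)))
```

A file system marker or a large low-entropy share is strong evidence that the backup was written in plaintext. High entropy alone is weaker evidence, since a compressed but unencrypted image also looks random.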
What's needed is an imaging solution that operates from within Windows (to provide all of the automation, UI, and ease of use that users expect), lets users enjoy all the benefits of modern disk image backups, and yet operates seamlessly with PGP Whole Disk Encryption to offer fully encrypted backups and restores. In my next posting, I'll talk about that exact solution.