Two of your favorite themes are image backup and TrueCrypt. I’ve not seen
you write about the two together. I’ve bought an eSata 1TB drive and I’m
planning to put TrueCrypt on it and then back up my Vista system and files
before upgrading to Windows 7. How does that sound to you?
Sounds just fine, but my initial reaction is – why?
Not that there aren’t valid reasons for doing so, but by and large it’s not
something most people need. That being said, it is a good solution for certain
scenarios, and I’ll look at a couple.
It all does kind of beg a chicken-and-egg type of question: do you back up
encrypted files, or do you encrypt the backup?
The purpose of encryption is simple: security. More specifically, encryption prevents unauthorized people from accessing your sensitive data. As you mentioned, TrueCrypt is my bulk encryption solution of choice. I rely on it heavily.
Backing up, of course, is all about recovering from failure and data loss. If your hard drive dies or if you accidentally delete a file, having a recent full backup of your system that you can rely on for recovery will ultimately save the day.
So, why encrypt a backup?
In short: you’d want to encrypt your backup if for some reason it could fall into the hands of people whom you’d not want to be able to see its contents.
In most cases, that’s actually not necessary. For example, many people perform their backups to an external drive sitting right next to their machine. There’s no reason to encrypt the backup if the machine right next to it isn’t encrypted itself. Encrypting the backup gives you no real additional protection.
The most common scenario that people consider in a situation like this is theft. A knowledgeable thief who’s actually after your data may well steal only the external drive. If the backup data on that drive is encrypted, it’s of no use to him.
That’s if he’s actually after your data. I’m of the opinion that thieves are actually more likely to steal computers and other higher value electronics rather than today’s inexpensive external drives.
Needless to say, I don’t encrypt my external drives or my daily backups.
On the other hand, if theft of the external drive is a real concern, or you do plan to take that external drive to a less secure location – perhaps for off-site backup – then encrypting it using a tool like TrueCrypt is a perfect approach.
But we’re not done encrypting backups just yet.
As I said above, I figure that it’s my PC that’s more likely to be stolen than some random external drive. Or even more likely, my laptop could easily disappear since it’s designed to be portable and easy to carry off.
And of course, the data on either of those computers – desktop or laptop – would go along with it.
That’s why I encrypt my sensitive data regardless of what computer it’s on.
My Roboform password database, my financial records and more all reside in a TrueCrypt volume for which I must provide the passphrase in order to access.
And when it comes to backup, here’s the key: I don’t back up the contents of the TrueCrypt containers – I back up the containers themselves. That means that my backups are just as secure as the files on my computer. It means that in order to access any of that information – even from my backups – the correct passphrase is required.
All of this is done with no additional effort on my part when it comes to the backup. I don’t encrypt my backups – I back up my already encrypted files.
And it also means I don’t use whole-disk encryption – I use standard TrueCrypt volumes as files, specifically so that they can be backed up and copied around as needed.
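As an added illustration (not code from the original article), here is one way to back up a container file itself: it compares content hashes instead of modification times, because TrueCrypt by default preserves a container file's timestamp, and it verifies the copy before replacing the previous backup. The function names and the secure.tc file name are assumptions.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1024 * 1024):
    """Hash a file in chunks so large containers never load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup_container(container, backup_dir):
    """Copy a container file to backup_dir if its content changed.

    Returns "copied" or "unchanged"; the container is never decrypted.
    """
    container, backup_dir = Path(container), Path(backup_dir)
    backup_dir.mkdir(parents=True, exist_ok=True)
    target = backup_dir / container.name
    source_hash = sha256_file(container)
    # Compare content, not size or mtime: a fixed-size container keeps its
    # size, and its timestamp may not change when data inside it does.
    if target.exists() and sha256_file(target) == source_hash:
        return "unchanged"
    # Copy under a temporary name so an interrupted run never replaces
    # the last good backup, then verify before swapping it in.
    partial = target.with_name(target.name + ".partial")
    shutil.copyfile(container, partial)
    if sha256_file(partial) != source_hash:
        partial.unlink()
        raise OSError(f"backup copy of {container} failed verification")
    os.replace(partial, target)
    return "copied"


if __name__ == "__main__":
    # Constructed stand-in: random bytes in place of a real container file.
    with tempfile.TemporaryDirectory() as tmp:
        demo = Path(tmp, "secure.tc")  # hypothetical file name
        demo.write_bytes(os.urandom(4096))
        print(backup_container(demo, Path(tmp, "backup")))
        print(backup_container(demo, Path(tmp, "backup")))
```

Dismount the volume before copying so the container file is in a consistent state.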
Ultimately, exactly what combination of encryption and backup technologies you would use will depend on your specific needs and situations. Whether you encrypt your backup, or back up your encrypted data – or whether you do anything additional at all – TrueCrypt and your backup strategy can absolutely play well together.