TrueCrypt vs Jetico vs Neither on a server
Posted on 2013-12-08
I have an SBS 2008 Standard server soon to be SBS 2011 Standard (unless I go with Server 2012 and Hyper-V). But, for now the above. It is on a Dell PowerEdge 2900 with a RAID 1 for the OS and a RAID 5 for the data.
It currently has ESET NOD32 Enterprise A/V with full exclusions for Exchange, etc. It is backed up with the SBS Imaging Backup which is encrypted.
The problem (well it should be a problem anyway) is that I am a physician and HIPAA now mandates that PHI (patient health information) be encrypted.
From my understanding, TrueCrypt is free (not sure whether for commercial use or not) and encrypts the data only when the server or computer is not in use. Jetico (pay for) also encrypts the data when the server or computer is off.
This is the most important since the main objective would be if someone were to steal the hard drives, the data would be encrypted. In talking to Jetico, I "think" they also have a solution whereby files are encrypted while the server is in use. This, I suppose, would only be useful to combat viruses or malware such as Cryptolocker. The encrypted backup would be useful if Cryptolocker were to get on the server, but that is an added hassle.
I also think SBS 2008 has BitLocker, but I know very little about it, which is probably the reason I am not using it.
I have also been told by a very knowledgeable person who sets up quite a few SBS and other Microsoft OSs, that it can cause a performance hit as well as even corrupt files.
So, my questions are:
1. How likely is it that a properly set up encryption program could hurt server data files?
2. How much of a performance hit would there be?
3. Of the three options for encryption, which would be best in your opinion?
4. Would you even consider using the Jetico option of encryption while the server is running?