Advice on imaging directly to an encrypted drive or placing a password on the windows backup image process

We would like to place a password on the windows backup image.  We search for this option but to no avail.  Next best thing, imaging to encrypted drive.

We are purchasing en 4tb external drive for the sole purpose of doing an windows backup image and saving it in the drive, however, we want to save it in an encrypted drive that’s will be created on it.

We would like to know,
 - is there a way to protect or place a password to a Windows backup image?
 - whats consideration we should take if directly doing a backup image to an encrypted drive? (drive letter the windows backup image asks for).
 - do we image in the external drive then move it to the encrypted drive?
rayluvsAsked:
Who is Participating?
 
McKnifeCommented:
1 of course.
0
 
Dr. KlahnPrincipal Software EngineerCommented:
Backing up to encrypted drives is, imo, an extremely bad idea.

Nearly all backup software compresses the data, which means that if there is an error in the data stream (viz., the backup has a bad block under it) all data following is corrupt until the compressor resets.  Large backups are relatively fragile to start with.

Taking what is already relatively fragile data, and putting it on an encrypted drive, makes the data even more fragile.  Any problem with the encryption makes the entire backup unrecoverable.

Backups should be made in a way that minimizes the problems associated with, and we all hope this never occurs, ever having to actually use them.  Throwing caltrops onto that road is not prudent.

If your management demands secure storage for backups, backup to removable external drives and lock them away in the company safe.  Backups should be made to removable external drives anyway; when a system is infected by ransomware, the ransomware encrypts every drive attached to the system.  Including the backup drives.  The only prophylaxis is to have the backup disconnected and physically somewhere else.
0
 
rayluvsAuthor Commented:
Does the windows backup image process compress the data?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
Dr. KlahnPrincipal Software EngineerCommented:
Windows Backup compresses the data by default.
0
 
rayluvsAuthor Commented:
ok.   ... does make sense about "...error in the data stream...".

What about these 2 alternatives,

1. after the windows backup image finishes it's process on a regular unecrypted drive, copying over to the encrypted drive.

2. another, after the windows backup image finishes it's process, doing a zip (using WinZip, WinRar, 7-zip, etc.) of the image folder(s) and placing it under password protect.
0
 
McKnifeCommented:
"Windows Backup compresses the data by default." - no, it does not, it uses virtual hard drives, uncompressed. That has always been an argument to buy 3rd party backups.

Rayluvs, it is pretty easy to solve. But in order to help you, please simply phrase why you want to do that, what's the idea? Describe exactly what you fear would happen without encryption.
0
 
rayluvsAuthor Commented:
You know thinking about it’, it doesn’t compress the backups.  I personally witness some time back a user access the windows backup image as a virtual disk without no type of uncompression process.  Thank you for the info.  

Basically the concern is somebody being able to go into the backup image or opening the image as a drive and accessing the contents.
0
 
McKnifeCommented:
How would that someone act? Why would someone have access to the backups, where are those? Details still missing.
0
 
Thomas RushCommented:
Some businesses are at severe risk if unencrypted backups go missing.   If this user has a requirement for encrypting the backups, then so be it.

To the asker: the simplest solution to your problem is to buy a standalone backup program that can encrypt the backup as part of the process.  We don't know a lot about your environment, which makes it hard to make a specific recommendation, but for a single system, look at Acronis or Paragon backup.  Make sure they are compatible with your operating system (the cheaper end-user solutions will typically not run on server operating systems).
If you have multiple servers or want to back up over a network,  Backup Exec may be a better fit.

Also, don't rely on unpowered disks for long-term archiving.  You will see bit rot on a significant number of disks sitting on a shelf over time (I'd refresh the disks no less often than every six months).
0
 
McKnifeCommented:
It could be solved as simple as using a bitlocked hard drive for the backups.
0
 
rayluvsAuthor Commented:
Thanx Tomas, Yes we used to use Paragon backup long time ago, will give it look at again.

McKnife there is no exact reason, but the user wants this option.  So your recommendation is encrypt a bitlocked hard drive and use that as the destination?
0
 
McKnifeCommented:
Yes, why not that simple?
0
 
rayluvsAuthor Commented:
So as said in the question, the next best thing is imaging to an encrypted drive.

That said, which one is the best optopn:

1. Image directly to an encrypted drive?

2. of image to the external drive, then move that folder to the encrypted drive?
0
 
Thomas RushCommented:
My personal thought is that something that requires two steps is going to get done successfully a lot less often than something that requires one step.   Plus, your 2 (image to external, copy to encrypted) is really *three* steps, because you need to make sure that the original backup drive is safely erased, or you'll potentially have an unencrypted backup "in the wild".

Just please -- make sure you test the process to take into account all the possible failure conditions: most importantly, that you can decrypt the backup using another system without access to any of your original servers, and that your keys are stored securely and yet available to a few trustworthy individuals.
0
 
rayluvsAuthor Commented:
Thank you very much, will do.  But how about my question, which one do you think is the best way to go:

1. Run the Windows Image Backup directly pointing to an encrypted drive?

2. of Windows image Backup first to the external drive, then after it's done, move that folder to the encrypted drive?

(FYI, we have taken in consideration the Paragon backup, but this user is more incline on the encryption option)
0
 
rayluvsAuthor Commented:
Then we were on the right track!

Thanx guys!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.