Hyper-V Program Manager
In Windows Vista we introduced BitLocker, a native full disk encryption technology for Windows. Most people immediately saw the potential for BitLocker on laptops. Encrypting your laptop meant that if you were ever unfortunate enough to lose it (through theft or forgetfulness) you would not have to worry about someone else getting access to your data.
But today I would like to explain to you why you want to use BitLocker on your servers too. All of your servers.
Recently, I had a hard disk fail in one of my servers. This happens from time to time, and thanks to RAID it was not a big deal. I just bought a new drive, popped out the old drive, put in the new one, rebuilt the array and I was off and running.
But now I have a problem: what do I do with the old drive?
It’s broken – so broken that it is hard to wipe the data on it – but the data is there nonetheless. And however unlikely it is that anyone will ever look at it, I am not entirely comfortable with just dropping it in the trash. Personally, I have had the experience of connecting a broken drive that had been sitting on the shelf for a couple of months and finding that it would work for a couple of hours before failing again. It is plausible that someone might find my old drive and hook it up just to see if it worked.
So how do I get rid of that data?
Drives these days are quite hard to destroy. I have tried to pull them apart manually, I have hit them with a hammer, I have even driven a car over one. They are surprisingly rugged. You could sit magnets on them – but you won’t know how effective it has been. Microwaving the drive should be quite good – but would probably damage the microwave as well. Besides, there is a much simpler solution: use BitLocker.
Once you have enabled BitLocker on a server, your data is protected even if the disk fails – especially when the disk fails, since a drive that can no longer be written to can no longer be wiped. With BitLocker on, you can take that failed hard disk and drop it in the bin without worrying that anyone will ever get data off it.
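As an added example (not code from the original post), here is how the "enable it on every server" advice and the recovery question look in practice with the BitLocker PowerShell module: an audit of every fixed volume, enabling protection where it is off with the recovery password escrowed to AD DS, and the unlock step used to salvage a disk on another machine. It assumes Windows Server 2012 or later with a ready TPM and a domain configured to store BitLocker recovery information; the function names are my own.

```powershell
# Added example, not from the original post. Assumes the BitLocker module
# (Windows Server 2012+), a ready TPM for the OS volume, and AD DS set up to
# accept recovery-password escrow. Protect-ServerVolumes / Unlock-SalvagedVolume
# are illustrative names, not built-in cmdlets.
Import-Module BitLocker

function Protect-ServerVolumes {
    # Report every fixed volume, then enable BitLocker where it is off and
    # escrow the recovery password so a failed disk is unreadable to a finder
    # but still recoverable by its owner.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($vol in Get-BitLockerVolume) {
        $mp = $vol.MountPoint
        Write-Host ("{0,-4} {1,-16} {2,-4} {3}" -f $mp, $vol.VolumeType, $vol.ProtectionStatus, $vol.VolumeStatus)
        if ($vol.ProtectionStatus -eq 'On') { continue }
        if (-not $PSCmdlet.ShouldProcess($mp, 'Enable BitLocker')) { continue }
        if ($vol.VolumeType -eq 'OperatingSystem') {
            # OS volume: TPM unlocks at boot; the recovery password is the break-glass protector.
            Enable-BitLocker -MountPoint $mp -EncryptionMethod XtsAes256 -TpmProtector -SkipHardwareTest
            Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector | Out-Null
        } else {
            # Data volume: recovery password protector, then auto-unlock keyed to the protected OS volume.
            Enable-BitLocker -MountPoint $mp -EncryptionMethod XtsAes256 -RecoveryPasswordProtector | Out-Null
            Enable-BitLockerAutoUnlock -MountPoint $mp
        }
        $rp = (Get-BitLockerVolume -MountPoint $mp).KeyProtector |
              Where-Object KeyProtectorType -eq 'RecoveryPassword'
        # Escrow to AD DS: without a stored recovery password the drive is as lost to you as to a dumpster diver.
        Backup-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $rp.KeyProtectorId
    }
}

function Unlock-SalvagedVolume {
    # Disaster recovery: the disk is attached to another machine and unlocked with
    # the 48-digit recovery password retrieved from escrow, then read normally.
    param([string]$MountPoint, [string]$RecoveryPassword)
    Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $RecoveryPassword
    (Get-BitLockerVolume -MountPoint $MountPoint).LockStatus
}

# Dry run: prints the audit table and lists what would be changed without touching any volume.
Protect-ServerVolumes -WhatIf
```

Run without -WhatIf to actually enable protection; the encryption itself continues in the background and the volume reports EncryptionInProgress until it completes.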
Or just spike the drive onto a concrete floor and break the platters inside :)
Much like David's solution, I would say just take a power drill and drill a 1/4" hole through the platters. Doesn't help entirely if a government sponsored organization wants to get the data on the drive, but it will certainly stop a dumpster diver from getting the data.
I do see your point about using encryption software though. My question is what kind of overhead do you incur from BitLocker? Some workloads may not deal well with added disk access time (I'm thinking things like high volume SQL Servers).
What if you need to recover a Bit-Lockered drive after a disaster? Worst-case scenario? Can you recover data from it if you know the decryption key?
BitLocker is brilliant; the performance loss isn't that much even on servers (about 10%). It's a shame it has seen much less adoption on the client side because MS chose to limit it to Enterprise and Ultimate editions. BitLocker should have been in Home Premium and up.
Surely it would not be recoverable without the rest of the array? Also, the best way to trash an HDD is to take the cover off and smash the platters... you also get 2 strong magnets to play with.
You could use a degausser to remove the data. We use a degausser for all of our data destruction.
Our security officer wants to do this on all our servers as well. After we demo'ed the performance hit to our SQL boxes, he backed off. We pay the extra $$ to keep our bad disks from IBM/DELL/HP and we have them shredded.
I do not know what the overhead is; most of my servers are not bottlenecked on I/O.
James Feldman -
There is a recovery key that allows you to get the data back in the worst-case scenario.
How much use is 1 drive out of a raid array anyway?? -
I always use RAID1, so an individual drive has all the data on it.
I prefer running SED disks and not having the performance penalty.
Q1: Ben, do you know of software which supports recovery from a BitLockered drive with the recovery key?
Q2: What is the preferred setup for running Windows from VHD with BitLocker? I mean, what should you encrypt: the whole host drive, or every VHD on it, if there is no sensitive data on the host drive itself?
I wish encryption were incorporated into the VHD standard.
Sorry, but I think this is VERY bad advice. Using BitLocker isn't a light change, and applying it to all servers is asking for the worst to happen (all servers KO'ed. For good. Time to find another job).
Using BitLocker means the addition of significant overhead to the server environment. When you break it down and look at it from a risk management perspective, full disk encryption software such as BitLocker protects against theft or loss of devices, which typically happens with laptops or mobile devices. Usually the servers are in a locked-down data center, and the risk of someone breaking in through all the layers of physical security and stealing a server is low.
Instead, I would recommend that folks either degauss or subscribe to a provider and re-route all of your server or SAN drives over for a 3 pass or whatever level overwrite. Much easier, less overhead and you still maintain your security and risk posture.
How do you compare BitLocker to other encryption products?
Just pop that puppy in the microwave and turn it on for 10 seconds and you can bet your files are gone forever...