File encryption dos and don'ts

What can you encrypt? Unless you are using volume or full disk encryption, it is unlikely that you can encrypt all files. Decide what you want to encrypt, and then test. You'll often be surprised at what can't be encrypted because of normal OS operations or application problems.

Double-checking the encryption In every project I've seen, there's always something you told the program to encrypt that it didn't. Trust, but verify. And after you encrypt something, use a disk sector editor and look for accidental plain text remnants of files that the encryption solution may have left behind. I like to place very unique text, such as "frogsturnintotadpoles," in a text file, encrypt it, and then search for the string. You'll be surprised how often plain text remnants are left in the open. Address accordingly.

Performance hit? All encryption incurs a performance hit. The questions are, How much? And how much is acceptable? In one project, the encryption process went great, but the decryption process choked on very large files, such as e-mail archives. Before you choose a solution, test and make sure the encryption/decryption process doesn't negatively impact performance. A 2 to 5 percent performance hit isn't unusual.

Employees will have to stay out of programs while encryption is happening. Open files cannot normally be encrypted. Consider rebooting the computer just before the encryption process is run for the first time to ensure that all files are closed. After the reboot, think about encrypting the largest files first (such as Outlook .ost and .pst files) and allowing your end-users into a limited set of applications to minimize operational interruptions.

If possible, test the encryption process at below-normal, normal, and high priorities. In Windows, you can change a program's CPU priority through Task Manager or by using the Start.exe program at the command line. Use below-normal priority if you want end-users to be able to access their computers and programs while the encryption process is taking place. Of course, be mindful that this will result in open files being locked and not encrypted. On the other end of the spectrum, you can tell the encryption process to be as fast as possible and keep users completely out until the entire process is finished, ensuring maximum speed and fewer locked files.

Do you have the available disk space? Many encryption programs require a huge amount of disk overhead during the encrypting/decrypting process, unless the process is all done in memory. For example, encrypting a 100MB file might consume as much as 200MB of available disk space. You normally don't need double the available disk space for all the files collectively, but double the space of the largest single file/object being encrypted. After the object is encrypted or decrypted, the temp files are removed and the disk space is freed up.

Create a data protection policy Write your employee policy first, before starting out with any encryption project, and get management's approval. That goes without saying, right? The key is defining end-user expectations and penalties for purposefully avoiding company-mandated encryption policies. You need management's backing on this, or you will go to a ton of trouble and expense only to have users undermine your efforts on a daily basis.

Ongoing auditing and verification Encryption and employees aren't perfect. Develop an ongoing process for verifying that expected files are encrypted.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Roger A. Grimes

Roger A. Grimes

InfoWorld
Show Comments

Essentials

Brother MFC-L3745CDW Colour Laser Multifunction

Learn more >

Mobile

Exec

Sony WH-1000XM4 Wireless Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?