
    encrypted at rest - one drive for business / Google Apps for business

    IT Discussion
    22 Posts 7 Posters 948 Views
    • Mike DavisM
      Mike Davis
      last edited by

      Anyone look into encrypting files synced with OneDrive for Business or Google Apps that are synced with the local hard drive? Is BitLocker pretty much the most straightforward way of dealing with that?

      For those that have deployed BitLocker, if a hard drive won't boot and you can't repair it, is there any way to get files off the drive if you slave it in another machine?

      1 Reply Last reply Reply Quote 1
      • scottalanmillerS
        scottalanmiller
        last edited by

        You are only looking to encrypt them locally, not when hosted?

        Mike DavisM 1 Reply Last reply Reply Quote 0
        • scottalanmillerS
          scottalanmiller
          last edited by

          Bitlocker is fine if you only want to encrypt them part of the time. VeraCrypt is likely good if you want to encrypt them all of the time.

          1 Reply Last reply Reply Quote 0
          • Mike DavisM
            Mike Davis @scottalanmiller
            last edited by

            @scottalanmiller said in encrypted at rest - one drive for business / Google Apps for business:

            You are only looking to encrypt them locally, not when hosted?

            No, I want them encrypted in both locations. This is to meet requirements of HIPAA / insurance companies.

            scottalanmillerS JaredBuschJ 3 Replies Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @Mike Davis
              last edited by

              @Mike-Davis said in encrypted at rest - one drive for business / Google Apps for business:

              @scottalanmiller said in encrypted at rest - one drive for business / Google Apps for business:

              You are only looking to encrypt them locally, not when hosted?

              No, I want them encrypted in both locations. This is to meet requirements of HIPAA / insurance companies.

              Then Bitlocker isn't an option. No whole disk is. You have to encrypt the files, not the disk.

              1 Reply Last reply Reply Quote 1
              • JaredBuschJ
                JaredBusch @Mike Davis
                last edited by

                @Mike-Davis said in encrypted at rest - one drive for business / Google Apps for business:

                @scottalanmiller said in encrypted at rest - one drive for business / Google Apps for business:

                You are only looking to encrypt them locally, not when hosted?

                No, I want them encrypted in both locations. This is to meet requirements of HIPAA / insurance companies.

                No sync service will be encrypted when authenticated.

                Is ODfB encrypted on disk? No idea, check the MS documentation. You can optionally set that up with things like NextCloud.

                1 Reply Last reply Reply Quote 1
                • coliverC
                  coliver
                  last edited by coliver

                  I don't think Bitlocker does OneDrive encryption. If you tie bitlocker into AD you can do some recovery but it isn't robust and we had issues getting it to work reliably. We are looking at a different direction right now for endpoint encryption because bitlocker just didn't meet our expectations or needs.

                  1 Reply Last reply Reply Quote 0
                  • scottalanmillerS
                    scottalanmiller @Mike Davis
                    last edited by

                    @Mike-Davis said in encrypted at rest - one drive for business / Google Apps for business:

                    @scottalanmiller said in encrypted at rest - one drive for business / Google Apps for business:

                    You are only looking to encrypt them locally, not when hosted?

                    No, I want them encrypted in both locations. This is to meet requirements of HIPAA / insurance companies.

                    HIPAA absolutely does not require that, though. That's misinformation. Insurance, maybe, but not HIPAA. That doesn't make it a bad idea, but just not a hard requirement.

                    JaredBuschJ 1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch @scottalanmiller
                      last edited by

                      @scottalanmiller said in encrypted at rest - one drive for business / Google Apps for business:

                      @Mike-Davis said in encrypted at rest - one drive for business / Google Apps for business:

                      @scottalanmiller said in encrypted at rest - one drive for business / Google Apps for business:

                      You are only looking to encrypt them locally, not when hosted?

                      No, I want them encrypted in both locations. This is to meet requirements of HIPAA / insurance companies.

                      HIPAA absolutely does not require that, though. That's misinformation. Insurance, maybe, but not HIPAA. That doesn't make it a bad idea, but just not a hard requirement.

                      No, just him not understanding what the requirement is, I bet.

                      Mike DavisM 1 Reply Last reply Reply Quote 0
                      • DustinB3403D
                        DustinB3403
                        last edited by

                        So use Bitlocker or DiskCryptor or VeraCrypt (I thought VC was dropped because of BL) anyways encrypt the files and send them off.

                        Using BitLocker will decrypt the files when the system boots. Same thing with the alternatives above. Using something like DC or VC you can encrypt the files and send them anywhere to be decrypted.

                        Bitlocker I don't believe has this kind of ability without the recovery key.

                        scottalanmillerS 1 Reply Last reply Reply Quote 0
                        • Mike DavisM
                          Mike Davis @JaredBusch
                          last edited by

                          @scottalanmiller said in encrypted at rest - one drive for business / Google Apps for business:

                          HIPAA absolutely does not require that, though. That's misinformation. Insurance, maybe, but not HIPAA. That doesn't make it a bad idea, but just not a hard requirement.

                          Maybe I wasn't clear. Microsoft says that One Drive files are encrypted in the blob store in the cloud. If my mobile users have those files synced to their laptops, wouldn't I need to have drive encryption or something on, so if the laptop was stolen patient information wouldn't be accessible?

                          coliverC scottalanmillerS 2 Replies Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @DustinB3403
                            last edited by

                            @DustinB3403 said in encrypted at rest - one drive for business / Google Apps for business:

                            So use Bitlocker or DiskCryptor or VeraCrypt (I thought VC was dropped because of BL) anyways encrypt the files and send them off.

                            Microsoft had BL long, long before they started helping with VC.

                            https://veracrypt.codeplex.com/

                            1 Reply Last reply Reply Quote 0
                            • coliverC
                              coliver @Mike Davis
                              last edited by

                              @Mike-Davis said in encrypted at rest - one drive for business / Google Apps for business:

                              @scottalanmiller said in encrypted at rest - one drive for business / Google Apps for business:

                              HIPAA absolutely does not require that, though. That's misinformation. Insurance, maybe, but not HIPAA. That doesn't make it a bad idea, but just not a hard requirement.

                              Maybe I wasn't clear. Microsoft says that One Drive files are encrypted in the blob store in the cloud. If my mobile users have those files synced to their laptops, wouldn't I need to have drive encryption or something on, so if the laptop was stolen patient information wouldn't be accessible?

                              You can do BitLocker (Full disk encryption) or you can use something like VeraCrypt to do file encryption. Either one would work. If you're doing FDE then you should have a backup mechanism to recover files. It's much easier to just re-image the disk than fight with an encrypted OS.

                              scottalanmillerS 1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @Mike Davis
                                last edited by

                                @Mike-Davis said in encrypted at rest - one drive for business / Google Apps for business:

                                @scottalanmiller said in encrypted at rest - one drive for business / Google Apps for business:

                                HIPAA absolutely does not require that, though. That's misinformation. Insurance, maybe, but not HIPAA. That doesn't make it a bad idea, but just not a hard requirement.

                                Maybe I wasn't clear. Microsoft says that One Drive files are encrypted in the blob store in the cloud. If my mobile users have those files synced to their laptops, wouldn't I need to have drive encryption or something on, so if the laptop was stolen patient information wouldn't be accessible?

                                You SHOULD do that, absolutely. But you should never let patient records go to laptops at all, IMHO. Why do they need to be carrying around sensitive data of that nature? And while it's smart, it's not a HIPAA requirement. Would you get in HIPAA trouble for not having it? Yes, but only because you are violating basic industry security, not because HIPAA requires data encrypted at rest. If you fixed having patient data sent to volatile, mobile laptops you'd fix the issue more. If an encrypted laptop was stolen loaded with patient data, you could still be in the same HIPAA predicament depending on the judge and expert witness.

                                BRRABillB 1 Reply Last reply Reply Quote 1
                                • scottalanmillerS
                                  scottalanmiller @coliver
                                  last edited by

                                  @coliver said in encrypted at rest - one drive for business / Google Apps for business:

                                  @Mike-Davis said in encrypted at rest - one drive for business / Google Apps for business:

                                  @scottalanmiller said in encrypted at rest - one drive for business / Google Apps for business:

                                  HIPAA absolutely does not require that, though. That's misinformation. Insurance, maybe, but not HIPAA. That doesn't make it a bad idea, but just not a hard requirement.

                                  Maybe I wasn't clear. Microsoft says that One Drive files are encrypted in the blob store in the cloud. If my mobile users have those files synced to their laptops, wouldn't I need to have drive encryption or something on, so if the laptop was stolen patient information wouldn't be accessible?

                                  You can do BitLocker (Full disk encryption) or you can use something like VeraCrypt to do file encryption. Either one would work. If you're doing FDE then you should have a backup mechanism to recover files. It's much easier to just re-image the disk than fight with an encrypted OS.

                                  OneDrive would presumably be that mechanism.

                                  1 Reply Last reply Reply Quote 0
                                  • scottalanmillerS
                                    scottalanmiller
                                    last edited by

                                    Let's back up. Security is good, but the best security comes from good design. Back up... why is data being sent out for people to take home?

                                    1 Reply Last reply Reply Quote 1
                                    • Mike DavisM
                                      Mike Davis
                                      last edited by Mike Davis

                                      They are taking laptops to schools (where they work on site) and occasionally home visits where they don't have good enough wifi to get a stable VPN connection. I have thought about portable hot spots, but there are some locations where those don't work either.

                                      scottalanmillerS 1 Reply Last reply Reply Quote 0
                                      • scottalanmillerS
                                        scottalanmiller @Mike Davis
                                        last edited by

                                        @Mike-Davis said in encrypted at rest - one drive for business / Google Apps for business:

                                        They are taking laptops to schools (where they work on site) and occasionally home visits where they don't have good enough wifi to get a stable VPN connection. I have thought about portable hot spots, but there are some locations where those don't work either.

                                        So they are forced to have the data local because there is no means of accessing the data on the servers at the time of use? That's really crappy.

                                        1 Reply Last reply Reply Quote 0
                                        • scottalanmillerS
                                          scottalanmiller
                                          last edited by

                                          Assuming Windows, I'd probably just use bitlocker then and really lock down the machines. The issue is laptop theft in this case, and that works pretty well. Set the laptop to burn if someone tries to break in, no critical data there.

                                          1 Reply Last reply Reply Quote 0
                                          • scottalanmillerS
                                            scottalanmiller
                                            last edited by

                                            You have two basic security vectors to deal with. Someone stealing the laptop and someone stealing the hard drive out of it. If you stop someone from logging in effectively, that protects that vector. If you encrypt the whole hard drive that stops the other. BL should work fine and be transparent to the end user.

                                            1 Reply Last reply Reply Quote 0
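The recovery question in the opening post and the AD-backed recovery mentioned in the thread both depend on each BitLocker volume having a recovery password that is stored somewhere other than the laptop. The following is an added example, not code from any poster in the thread: a PowerShell audit of that condition. The function name `Test-BitLockerRecoverability`, the `-EscrowToAD` switch and the `E:` drive letter are assumptions made for illustration.

```powershell
# Added example: audit BitLocker recoverability on a laptop (run elevated).
# Assumes the built-in BitLocker PowerShell module and, for the escrow step,
# a domain-joined machine whose Group Policy allows storing BitLocker
# recovery information in AD DS.

function Test-BitLockerRecoverability {
    [CmdletBinding()]
    param(
        [switch]$EscrowToAD   # hypothetical switch: also back up recovery passwords to AD DS
    )

    foreach ($vol in Get-BitLockerVolume) {
        # A recovery password protector is what lets the volume be unlocked
        # when the disk is attached to a different machine.
        $recovery = @($vol.KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword')

        $escrowed = $false
        if ($EscrowToAD -and $recovery.Count -gt 0) {
            foreach ($kp in $recovery) {
                try {
                    Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                        -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
                    $escrowed = $true
                } catch {
                    Write-Warning "Escrow failed for $($vol.MountPoint): $_"
                }
            }
        }

        # One row per volume; a protected volume without a recovery
        # password is the case that cannot be rescued from another machine.
        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            VolumeStatus        = $vol.VolumeStatus        # e.g. FullyEncrypted
            ProtectionStatus    = $vol.ProtectionStatus    # On / Off
            HasRecoveryPassword = $recovery.Count -gt 0
            EscrowedThisRun     = $escrowed
        }
    }
}

Test-BitLockerRecoverability | Format-Table -AutoSize

# On a second machine, with the failed laptop's disk attached as E:
# (assumed drive letter), unlock it with the 48-digit recovery password:
#   Unlock-BitLocker -MountPoint 'E:' -RecoveryPassword '<48-digit recovery password>'
```

Any volume reported with `ProtectionStatus` On and `HasRecoveryPassword` False should be given a recovery password protector and escrowed before the laptop leaves the office.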