Encrypting data on portable devices

Many users use portable devices (such as USB hard drives or USB memory sticks) to store research data, whether this is to allow the data to be portable or serve as an additional backup device.

One of the major risks with using these portable devices is that if the device is ever lost, stolen or borrowed, it is easy to access any research data that is stored on the device.  Obviously some data might be considered “open” and happily shared around, but if the data is confidential in nature, contains ethics-related information or holds valuable intellectual property, then it is critical that this data is securely stored so that if it ever got into the wrong hands, the data cannot be easily accessed.

To secure data on portable devices, it is recommended to encrypt the devices using a data encryption tool.

It should be noted that when using any type of data encryption, it is critical that you use a hard to "guess" password.  Secondly, you will need to ensure that the password you are using is remembered and stored in a safe place (storing it on a sticky note on the device really defeats the purpose of using encryption)!  Unlike user accounts and many other web systems, if the password is forgotten, there is no process to change or retrieve the password.  In the event that the password cannot be remembered, consider the data stored within the encrypted device lost forever. 

The following information provides instructions on data encryption which can be enabled on portable devices.

Before getting started it is important to note the following:

  • Microsoft BitLocker is proprietary software and will only work on Microsoft Windows computers – therefore the encrypted data will not be able to be accessed from an Apple Mac or Linux Computer.  If you wish to use the portable device on different platforms, this method is not suitable for this purpose.
  • Microsoft BitLocker is only available for select editions (Ultimate and Enterprise) of Windows Vista and later.  Thus Microsoft BitLocker should be available on all CQUniversity computers that have the managed environment installed.  But if you are using Windows Home Edition on a personal computer, it is most likely that you will not be able to access the encrypted data on the portable device.  It should also be noted that you cannot download this software to make it work on the other versions of the operating system.  This can only be achieved by upgrading the operating system to a higher version (this will come at a cost).
    • It should be noted that all the documentation on Microsoft BitLocker highlights that it will only work on the Ultimate and Enterprise versions of the Windows operating system, but limited testing has identified that if the device is encrypted using the mentioned versions, the encrypted device can be read and written to on Windows 7 Professional and Windows 7 Home Premium.  This may not be the case for all versions and therefore it is recommended to try a test encrypted USB memory stick to ensure it works across the platforms required, before encrypting all of your portable devices.

Instructions for encrypting a portable device using BitLocker

  • Go to Control Panel and open "BitLocker Drive Encryption".
Windows control panel with the Bitlocker drive encryption selected to be opened
  • Select "Turn On BitLocker" on the device you wish to encrypt.  In the example image below, the Seagate device was selected.
BitLocker Drive Encryption control panel
  • The simplest method is to "Password protect" a device.  Simply select the "Use a password to unlock the drive" and enter a Password. It is critical that you use a hard to "guess" password.
BitLocker Drive Encryption program where asks to choose between using a password or a smart card to unlock the drive
  • Ensure that the password you are using is remembered and stored in a safe place (storing it on a sticky note on the device really defeats the purpose of using encryption)!  Unlike user accounts and many other web systems, if the password is forgotten, there is no process to change or retrieve the password.  In the event that the password cannot be remembered, consider the data stored within the encrypted device lost forever. 
BitLocker Drive Encryption window where asks you to type your password to unlock the drive
  • Once a password is entered, there is the option to save the recovery key to a file or print the recovery key.  Obviously these details need to be saved in a secure location, otherwise this information can be easily used to unlock the encrypted data.
The BitLocker Drive Encryption program asks you to choose how you want to store your recovery key, giving options between saving it to a file or printing it.
  • An option to keep a record of this recovery key is to print the key as a PDF document.  But again, keep this in a safe and secure place.
A print program displaying the selected Adobe PDF option to print
  • An example of the Recovery Key can be seen in the image below.
BitLocker Drive Encryption Recovery Key PDF file open on Adobe Reader
  • Once you are ready to encrypt the drive, select the "Start Encrypting" button to proceed.  It should be noted that depending on the size of the drive, this process can take quite a while.  For example, it took 3.5 hours to encrypt a 1TB drive using a laptop.
BitLocker Drive Encryption program where asks if you are ready to encrypt this drive
A BitLocker Drive Encryption server installation bar showing the progress of installation
The installer model for BitLocker Drive Encryption setup showing the installation bar is 96.5% completed.
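
The same procedure can be scripted and then verified, which is useful when several drives need encrypting. This is an added example, not part of the original instructions; it assumes an elevated PowerShell prompt on Windows 8 or later (where the BitLocker PowerShell module is available) and that the portable drive is mounted as E: (a hypothetical drive letter).

```powershell
# Added example: scripted equivalent of the wizard steps above.
# Assumptions: elevated PowerShell, BitLocker module (Windows 8 or later),
# and the portable drive mounted as E: (hypothetical drive letter).
$mount = 'E:'

# Safety check: only proceed on a data volume that is not yet encrypted,
# so the script can never be pointed at the operating system drive.
$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeType -ne 'Data') { throw "$mount is not a data volume" }
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$mount is already in state $($vol.VolumeStatus)"
}

# Prompt for the password so it never appears in the script or in history.
$pw = Read-Host -AsSecureString -Prompt "Password for $mount"

# "Use a password to unlock the drive" followed by "Start Encrypting".
Enable-BitLocker -MountPoint $mount -PasswordProtector -Password $pw | Out-Null

# The recovery key the wizard offers to save or print.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null

# Show the recovery password once so it can be recorded and stored
# in a secure location away from the drive itself.
(Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object KeyProtectorId, RecoveryPassword |
    Format-List

# Encryption of a large drive can take hours; poll until it finishes.
while (($vol = Get-BitLockerVolume -MountPoint $mount).VolumeStatus -eq 'EncryptionInProgress') {
    Write-Host ("{0}% encrypted" -f $vol.EncryptionPercentage)
    Start-Sleep -Seconds 60
}

# Verify the end state: the drive should report FullyEncrypted with
# protection On before any confidential data is copied to it.
$vol | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
if ($vol.VolumeStatus -ne 'FullyEncrypted' -or $vol.ProtectionStatus -ne 'On') {
    Write-Warning "$mount is not fully protected yet; do not store confidential data on it."
}
```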

 

Accessing a portable device using BitLocker

  • Simply connect the portable device to a Windows computer (running one of the select editions (Ultimate and Enterprise) of Windows Vista and later).  Once you try to access the device (E: in the example image below), you will then be asked to enter the password to unlock the device.
data encryption program pop up message informing you that this drive is protected by BitLocker Drive encryption with a enter password prompt below
  • Once the device is unlocked, you can then use it like a normal "unencrypted device".

Managing an encrypted (BitLocker) device

  • Once the device is unlocked, you can manage some BitLocker options by right clicking on the device and selecting the "Manage BitLocker..." option.
Administration centre systems for Windows showing your computer configurations with the Manage Bitlocker option selected
  • This allows you to change the password, remove the password and a variety of other options.
BitLocker Drive Encryption program displaying five options to manage the drive

Additional information on BitLocker