Encryption and Data Recovery

Encryption is a fantastic tool, and has helped create a more secure environment for business and consumers the world over. But what implications does encryption have for data recovery?

Although encryption brings a whole host of benefits, there is a possibility that you won’t be able to access your data again. In an age of the ‘I forgot my password’ reset features, many people are perplexed when they find they can’t access their data due to misplacing their encryption key. So how does encryption, and why does it present problems when it comes to data recovery? When data is encrypted, the information is taken and scrambled into gibberish using a specific algorithm from software, or by hardware in the case of self-encrypting drives. The only way to convert the data back into its true form is the decryption key; otherwise, it’s lost forever, and data recovery is next to impossible. Password protection is not the same as encryption; passwords can easily be cracked by cyber criminals.

To better understand encryption, let’s discuss the two main types – symmetric and asymmetric. Symmetric encryption uses the same key to decrypt and encrypt the data, and poses a slight security risk as more people will hold the key. With asymmetric encryption, there are different keys for encryption and encryption, known as public and private keys. The private key is the only thing that can decrypt the data you’ve encrypted; if you want to send somebody some encrypted data, you use their public key for encryption, and they use their private key for decryption. But what does this mean for data recovery?

With so many things that can go wrong and cause data loss, like physical failure or a lost encryption key, why would anyone use encryption without a plan in place for data recovery? Simply put, if data recovery was easy, it would defeat the point of encryption entirely. We encrypt data so it doesn’t fall into the wrong hands; if data recovery from an encrypted hard drive was really that easy, is there really any point in the first place? If you truly want your data to be secure, you have to accept that it also needs to be secure from being recovered even by you. There is a dichotomy between data security and data recovery, and you need to decide which is more important to you. Does the average home user really need to encrypt their data? A student, for example, is going to come unstuck if their hard drive fails and the data on it is encrypted, and data recovery is next to impossible. 

