Avid Pro Audio Community - Disk encryption

Avid Pro Audio Community (https://duc.avid.com/index.php)

- Pro Tools TDM Systems (Mac) (https://duc.avid.com/forumdisplay.php?f=11)

- - Disk encryption (https://duc.avid.com/showthread.php?t=148004)

I have been asked by a client, who wants their upcoming project to be very secure, if there is any way of being able to run ProTools real time with an encryted firewire drive.
Has anyone had to do this?

Re: Disk encryption

The best solution will be a get a hardware encrypted case, like those you can find at www.cooldrives.com. I have three 40-bit cases. Since the hardware is being encrypted on the fly via hardware, it is seen just fine by ProTools, works just fine. Plenty fast too.

You have to have the key in the drive for it to start up, so it's pretty secure. Without the key, the drive won't boot, and the information is encrypted anyway, so even if it's stolen, no-one can get at it. The key doesn't have to be in the drive all the time, just on startup.

Cases are about $100 a piece I think. Mount any drive you want. I've been very happy with mine.

Re: Disk encryption

I am not a computer expert per-se, but your client probably isn't either, so these ideas might not help so much as making your client feel better and safer.

You could also take the extra precautions of locking up the drives overnight in a fireproof safe and unhooking the computer from the internet and/or network. Obviously, don't put anything on a server, if possible, even a protected one.

The other thing to do is to make sure that no one gets any listening copies, or if they must, keep close track of them. I had a similar situation many years ago with a high profile client who had problems with music getting leaked (pre-internet). After taking extensive steps to make sure that everything was safe, we eventually found that one of the band members never could find the copies of roughs that we gave him.

Re: Disk encryption

secure from what?

you can be secure from a network by disabling all network functions form the protools machine.
you can only record to an external drive(s) and remove the drive(s) when session is done and lock the drives up in a safe

you can't prevent an over-eager intern or even a staff engineer if they want to get in trouble, like the guys who got arrested for leaking star wars III -- see the Variety link.

so, what kind of "secure" are we talking about?

Re: Disk encryption

The security on this has to go beyond the norm (and we are used to high security for some of our clients and projects). In this case disks are going to have to leave the secure studio environment and we will not be able to control the security at the destination. There is also a perceived risk in the transportation of drives between the studio and the destination. As the project is ongoing, we will need to work with the material at the destination and so making encrypted archives and low level formatting the drives is not a solution.
Hard disk hardware based encryption seems to be the way to go, but I was not sure if there would be a big peformance hit in terms of track count and the like. What about the recommendation of Oxford chipsets for optimum ProTools performance?
I presume that as the file system is visible to the OS then there would not be a problem in creating 'smart' backups on another (encrypted) drive.
I could imagine that Disk Warrior would have trouble in correcting any disk directory problems so backing up will be very important.

Re: Disk encryption

I have used products from subrosasoft

Maybe this is where you need to go...

In my opinion, if you can't trust the people in your control room, you have bigger problems than drive encryption can solve.

As for transporting the data, put it in a box with tamper-evident seals.

We routinely serialize our ref CDs, and we put ISRC codes on every mix. I love it when I bust someone for trying to sell a pre-release on ebay (it happens on every release- I once had to fire a much loved engineer for selling a pre-mastered copy of a big release). We're registered eBay "VeRO". Do you not trust the person unpacking the box of drives?

I think responsible drive handling and password protected backup tapes with secure storage should cover most any situation, short of government or DOD contracts. Add a mandatory NDA and employment contract for anyone within earshot of the control room, and you'd think you'd be ok... but I guess some people will steal anything, anytime, so I guess you do what you have to do... best of luck...

Re: Disk encryption

Just to re-emphasise, it is not security at our end that is the problem. This is a project that is even being limited to the number of people who are allowed to even hear the material.