2

Do files encrypted by BitLocker on Windows 10 Pro remain encrypted after being backed up to OneDrive or another cloud storage service?

Improve this question

3 Answers 3

Reset to default
6

BitLocker is a full disk encryption feature, which means that your drive or volume is encrypted as a whole, not individual files. If you move or copy a file away from that encrypted drive, it is no longer encrypted.

So backing it up to OneDrive or any other place means it is no longer encrypted.

The cloud storage may use full disk encryption itself, but at least during transport the file is not encrypted.

There are other solutions if you need full end-to-end encryption for individual files.

Improve this answer
3
  • How do I know if OneDrive is full disk encryption or not?
    – E Zhang
    Commented May 28, 2016 at 9:51
  • 1
    We don't know, I don't think Microsoft is telling. There isn't really a point either. If they encrypt their drives, they also have the keys for it, not you. And because you upload your files unencrypted, if they want to they could always inspect your data before saving it (if they really want to)
    – Peter Hahndorf
    Commented May 28, 2016 at 14:24
  • 1
    This means that cloud storage is not reliable if files are not encrypted. Once cloud is breached for whatever reason, files will be exposed. So we are better use personal storage.
    – E Zhang
    Commented May 29, 2016 at 1:42
1

Only if the cloud storage is also encrypted. The reason is that after you boot up Windows (and enter your password), but before the backup happens the files are decrypted.

Compare it to copying the files to a USB drive.

Improve this answer
3
  • What do you mean cloud storage is also encrypted? Let say that I backup encrypted files to one drive. I think the files on the one drive are also encrypted, right?
    – E Zhang
    Commented May 28, 2016 at 8:42
  • Any respectable cloud provider will encrypt their files, yes.
    – Mikael Kjær
    Commented May 28, 2016 at 9:42
  • @MikaelKjær - You might want to go into more depth of what they do exactly. While your files are encrypted, and can only be accessed if you share them, Dropbox could access your files for instance since they hold the keys to the encryption. So could Microsoft and Google honestly. There are other cloud services that allow you to encrypt the file BEFORE you upload it to the provider.
    – Ramhound
    Commented May 28, 2016 at 15:05
0

You will want to use a cloud storage provider that supports End-To-End encryption like Spideroak or Sync.com as bit locker only encrypts files on your physical drive.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .