I'm using a notebook for my work and mostly save my data to the local disc. For security reasons, this drive is encrypted using EFS technology which is build-in in Windows 7. When I'm in the office in Cologne, I'm able to sync my business related data against the file server. But I also carry some personal files on the disk. For these files (like banking data) I searched for a simple solution to save them.
I found Microsoft's service SkyDrive (http://skydrive.live.com), which offers a capacity of 25 GByte for files, photos, videos and documents for free. There is also a tool from Microsoft called Mesh, which can synchronize local folders from different computers with SkyDrive.
Improve Security – But how?
This works well, but I'm not sure if it is a good idea to copy sensitive personal data to the cloud. But what could I do? My first idea was to use an encryption software which can map a virtual drive to an encrypted container.
But there are two disadvantages for this simple solution:
- I must un-map the virtual drive to sync it with SkyDrive
- Most important: If you change a single file you must synchronize the whole container
I decided to write a powershell script which is able to copy a source folder into a target folder file by file and also compress and encrypt each file with 7-Zip (http://www.7-zip.org). I found some sample scripts on the internet but all of them (I found) are missing some key-features I needed for SkyDrive:
- Compress and encrypt each single file (not whole folders) in a target folder
- Include files in subdirectories (recursiv)
- Only update existing files/archives if last-change timestamp differs
- Delete all files/archives in the target folder which are not in the source (like robocopy /MIR)
My powershell script is implemented as a task in Windows Task Sheduler, which runs every hour and syncs my private files from one folder into another:
As you can see, the files in folder "D:\_SYNC-ENCRYPTED\D\Private Data\Our Wedding" have a new extension. In my case .AES.7z, which indicates its encryption and compression.
I configured Windows Mesh to synchronize only my folder with the encrypted files in "D:\_SYNC-ENCRYPTED". This works very well, because only updates to files will result in updated archives.
You can download the script and use it at your own responsibility. Remember that all files in the target directory will be deleted if they not part of the source. If you want to avoid this for testing, set $vSimulateDeletingExtra to $true.
You can start the script in the body (sample is at its bottom) with this parameters (the parameter $ExcludeFilter is not implemented yet):
Mirror-Folder $SourcePath $DestinationPath $EncryptionKey $ExcludeFilter