Securing data on any medium in OS X

There are several options available for securing the contents of documents when transferring them between computers, each of which may have its own benefits and drawbacks.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

With computing devices not only becoming smaller and more portable but also holding a lot more data, the security of that data is more of a concern. While in the past a lost floppy disk might have held a few important files, some people keep their entire home directories and other large collections of data on small portable hard drives, thumbdrives, and even online disks.

The use of various forms of storage media is not a problem, but if you lose your drive or decide to erase confidential data, in some situations your data may not be fully secured. As mentioned in a recent Macworld article discussing security on hard disks and solid-state drive (SSD) media, even though there are technological advances in some drives that can fully erase a drive's contents, the effectiveness of these can depend on their implementation in software. In tests, some drives that have undergone various "secure erase" routines have ended up still containing recoverable data.

If you are at all concerned about the safety of your confidential data, be sure to consider the options available to you. While there are numerous ways to lock drives and files, unless a file's contents are encrypted, the measures used to lock the data can be circumvented and the file's contents recovered. Because of this, the only way to truly guard data against recovery by unintended sources is to encrypt it.

File-level encryption
One method is to secure files using file-level encryption that may be available in the program you are using. These options are usually available when you save the file, and have the benefit of being compatible across platforms with the same application. The drawback to this approach is that not all of these document-securing methods are the same, and some may still leave some metadata or other information available to read. Additionally, even though a file may be secured with a password, it is not necessarily encrypted. Check with your program's developer to see if applying a password just locks the file or fully encrypts it.

Be sure to set the disk image to use 'no partition map' if you want the image to resize according to its contents.

Folder-level or filesystem-level encryption
The next option is to save your data using a folder-level encryption scheme. This is the most common form of encryption in OS X, and can be seen in the use of encrypted disk-image files created using Disk Utility. In disk images, file structures in their entirety are secured by being placed in an encrypted environment, which when opened will appear as a separate disk on your Mac.

There are a variety of different disk image options in OS X for storing data, but ultimately there are three types. The first is a classic read/write disk image that is set at a specific size when created. The second is a "sparse" disk image that can be dynamically sized based on the data it contains. The third is a modified sparse image called a "sparse bundle" which is the same in function as a sparse image, but stores the data in small bundles called stripes, making it easier to back up using Time Machine since only changed stripes need to be backed up.

Keep in mind that sparse disk images can only be dynamically resized if they are left unpartitioned; if you partition the image you will set it at a specific size. Therefore, when creating a resizable image do not create a partition, and the image will be the size of its contents as you add and remove files from it.

With files stored in a disk image, you can transfer the image to any medium, be it online, a flash drive, or an external hard disk, and ensure that the data will be safe from anyone who does not have the password needed to open the image, even if it is recovered in full from an external drive.
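The same kind of image can be created from Terminal with hdiutil, the command-line tool for OS X disk images. The script below is an added example, not part of the original article: it creates an encrypted sparse image with no partition map and refuses to copy an image onto another medium unless hdiutil reports it as encrypted. The function names, AES-256 choice, image name, size and paths are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the article): an encrypted, resizable disk image
# made with hdiutil. HDIUTIL=echo previews the command without running it.
HDIUTIL=${HDIUTIL:-hdiutil}

# create_image TYPE MAXSIZE VOLNAME PATH
# Only the two sparse types resize with their contents; -layout NONE is the
# command-line form of "no partition map". AES-256 is this example's choice.
# hdiutil prompts for the passphrase.
create_image() {
    case "$1" in
        SPARSE|SPARSEBUNDLE) ;;
        *) echo "type must be SPARSE or SPARSEBUNDLE" >&2; return 1 ;;
    esac
    "$HDIUTIL" create -type "$1" -size "$2" -fs HFS+J -volname "$3" \
        -encryption AES-256 -layout NONE "$4"
}

# Succeeds only when `hdiutil isencrypted` reports "encrypted: YES".
image_is_encrypted() {
    "$HDIUTIL" isencrypted "$1" 2>&1 | grep -q '^encrypted: YES'
}

# Copy an image to a portable or online disk only if it is encrypted.
# A sparse bundle is a directory, hence cp -R.
copy_if_encrypted() {
    if image_is_encrypted "$1"; then
        cp -R "$1" "$2"
    else
        echo "refusing to copy $1: not reported as encrypted" >&2
        return 1
    fi
}

# Usage (image name, size and paths are constructed sample values):
#   sh image.sh create 2g Transfer ~/Transfer.sparsebundle
#   sh image.sh copy ~/Transfer.sparsebundle /Volumes/USBSTICK/
case "${1:-}" in
    create) create_image SPARSEBUNDLE "$2" "$3" "$4" ;;
    copy)   copy_if_encrypted "$2" "$3" ;;
esac
```

For a sparse image the size argument is the maximum the image may grow to; the file on disk only takes up the space its contents need.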

The main problem with disk images is that they are slightly more cumbersome to use than copying files directly to an external disk. In addition, keeping numerous files in one image raises the stakes if the image develops a problem: it could prevent anyone, including you, from reading or recovering any of them. Be sure you properly back up images if you decide to keep your files in them.

Disk-level encryption
The final option is to use a disk-level encryption scheme such as those from Buslink that, like folder-level encryption, applies an encryption wrapper to all the files stored on the disk. These options are less popular than folder-level encryption because they sometimes require hardware support, or specific programs or hardware (such as keys) that will interact with the disk's encryption scheme to unlock it.

While these disks may be cross-platform-compatible, they are more expensive than using folder-level encryption and are no more secure. One way you can create a setup similar to disk-level encryption is to create a dynamically sized encrypted disk image on an external drive and only use that to store your data.
