BitLocker Drive Encryption (What is it and How Secure is it?)
Contents
Microsoft enhanced BitLocker drive encryption to offer IT professionals stronger protection against security threats. These improvements provide better encryption and safeguard against unauthorized access. With the rise of portable computers, laptops face higher risks of loss or theft. End users often prioritize convenience, storing sensitive data without considering security risks. To avoid penalties and reputational damage, companies must comply with data protection laws, as highlighted by high-profile breaches like Target’s.
What is BitLocker Drive Encryption?
BitLocker drive encryption was first introduced by Microsoft in Windows Vista. It is a full-featured drive encryption option for protecting computers from attacks to which a system is vulnerable when the attacker has physical possession of the computer.
In Windows 7 Microsoft introduced BitLocker To Go, which added the ability to encrypt removable drives including USB flash media and external hard drives, making this a great option when comparing external hard drive vs cloud for various requirements. The deployment process was also improved to automatically leverage Microsoft’s Active Directory environment. BitLocker uses the Advanced Encryption Standard (AES) encryption algorithm with a 128-bit or 256-bit key. AES is the encryption algorithm adopted by the U.S. government.
Microsoft improved BitLocker deployment and management with Windows Server 2012, making it more accessible for IT security teams. BitLocker now works with Windows 8, Windows 8 Pro, Windows 8 Enterprise, and all Windows Server 2012 versions, expanding its compatibility across platforms.
Enhancements to BitLocker in Windows
Self-Encrypting Drive Support
In previous versions of BitLocker, the technology did not support the use of a hardware-encrypted hard drive as the boot drive. This has changed, and now you can use drives with built-in hardware encryption (often called Self-encrypting drives or SEDs).
A wide variety of drive types are supported, including IDE, ATA, SATA, eSATA, SAS, and SCSI, as well as IEEE 1394 and USB. Windows Server 2012 takes it a step further and supports BitLocker on Fiber Channel and iSCSI drives. You can also use BitLocker with hardware-based RAID arrays (but not software-based RAID).
BitLocker is a Network Unlock
Another feature in the Windows 8 and Server 2012 version of BitLocker is network unlock.
The network unlock feature targets enterprise systems on a Windows domain. It automatically unlocks BitLocker-protected drives when the computer reboots, as long as it’s connected to the corporate network via wired connection. This feature does not work with Wi-Fi or remote connections.
Connecting BitLocker to a trusted network reduces issues like users forgetting PINs or USB keys when onsite. It also simplifies patch rollouts and updates for BitLocker-protected desktops. However, organizations can boost security by requiring PINs or USB keys for access, even on the corporate network.
BitLocker Pre-Provisioning
Windows 8 and Server 2012 enhance BitLocker’s enterprise features by allowing pre-provisioning before OS installation. Leveraging Active Directory, IT professionals can configure systems for seamless BitLocker deployment. This streamlines setup for secure environments and ensures devices are protected from the start.
Protect Boot Process Integrity
BitLocker enhances security by protecting the boot process integrity. If unauthorized tampering occurs, such as a Trojan installation, the system will trigger the BitLocker recovery environment.
BitLocker Drive Encryption Experts
BitLocker and BitLocker to Go are strong solutions to protect data on lost or stolen laptops and USB devices from unauthorized access. High-profile breaches continue to rise, making BitLocker a vital tool for securing sensitive information. For effective data protection, consider implementing BitLocker and BitLocker to Go across your organization’s devices.
If you have further questions on how your company could implement BitLocker, or if you would like assistance with one our BitLocker drive encryption service, we invite you to request a free consultation or call us.
We’d be happy to help make sure that your business is meeting industry standards for both compliance and security.
