Enforce Full Disk Encryption (FDE) for Mac & Windows

Enforce Full Disk Encryption (FDE) for Mac & Windows

Over the last two decades, full disk encryption (FDE) has evolved from a little-known security feature to an expected industry standard in system security. In order to enforce FDE across an enterprise and do it efficiently, IT has turned to a variety of third-party tools. But while many of these are adequate FDE management solutions to enforce at scale, they’ve all been exclusively for either Mac® or Windows®. For organizations that leverage both, is it possible to enforce full disk encryption for Mac and Windows?

FDE for Mac or Windows

FDE for Mac and Windows machines

If you’re managing an all Windows environment, then you almost certainly have Microsoft® Active Directory® (AD) as your identity provider. AD comes with about a ton of policies, including ones that control BitLocker, the associated Windows FDE software. Note, even with AD, you’ll need add-ons to manage the recovery keys for BitLocker, which is a critical component of the process of managing FDE.

But chances are, even if you’re a Windows-centric environment, you’ve got a few rogue users out there roaming the hallways with their Macbook® Airs. Not surprisingly, Microsoft AD isn’t known for its seamless management of Apple® devices.

The same is true on the other side of the coin. There are boutique, Mac management platforms that cater specifically to the Mac admin. But none of these are even trying to be a full-on directory service, like Active Directory. Certainly, none of them are taking on Windows management. Additionally, there are only a few solutions that manage FileVault 2, Mac’s FDE suite.

Add in apps, networks, and infrastructure, and IT has been forced to handle an increasingly disparate environment with an increasingly disparate set of tools. Admins are resourceful. Admins adapt and get it done. But admins can’t deny: this approach doesn’t scale. You can’t just keep adding band-aids and expect the end result to be surgical.

Unifying FDE Management for Mac & Windows

 

For years, there wasn’t an FDE management solution that could bridge the cross-OS gap. That is no longer the case now that JumpCloud® has added policies (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/full-disk-encryption-mac-windows/

Zach DeMeyer

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

zach-demeyer has 211 posts and counting.See all posts by zach-demeyer