Over the last two decades, full disk encryption (FDE) has evolved from a little-known security feature to an expected industry standard in system security. In order to enforce FDE across an enterprise and do it efficiently, IT has turned to a variety of third-party tools. But while many of these are adequate FDE management solutions to enforce at scale, they’ve all been exclusively for either Mac® or Windows®. For organizations that leverage both, is it possible to enforce full disk encryption for Mac and Windows?
FDE for Mac or Windows
If you’re managing an all Windows environment, then you almost certainly have Microsoft® Active Directory® (AD) as your identity provider. AD comes with about a ton of policies, including ones that control BitLocker, the associated Windows FDE software. Note, even with AD, you’ll need add-ons to manage the recovery keys for BitLocker, which is a critical component of the process of managing FDE.
But chances are, even if you’re a Windows-centric environment, you’ve got a few rogue users out there roaming the hallways with their Macbook® Airs. Not surprisingly, Microsoft AD isn’t known for its seamless management of Apple® devices.
The same is true on the other side of the coin. There are boutique, Mac management platforms that cater specifically to the Mac admin. But none of these are even trying to be a full-on directory service, like Active Directory. Certainly, none of them are taking on Windows management. Additionally, there are only a few solutions that manage FileVault 2, Mac’s FDE suite.
Add in apps, networks, and infrastructure, and IT has been forced to handle an increasingly disparate environment with an increasingly disparate set of tools. Admins are resourceful. Admins adapt and get it done. But admins can’t deny: this approach doesn’t scale. You can’t just keep adding band-aids and expect the end result to be surgical.
Unifying FDE Management for Mac & Windows
For years, there wasn’t an FDE management solution that could bridge the cross-OS gap. That is no longer the case now that JumpCloud® has added policies (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/full-disk-encryption-mac-windows/