Remote BitLocker Management

BitLocker Management Done Remotely (abstract photo)

The BitLocker full disk encryption (FDE) tool has easily become an indispensable feature of the Windows® operating system. With lost and stolen laptops with confidential data costing some organizations tens of millions of dollars in fines, enabling full disk encryption can be a simple, yet dramatically valuable safeguard. Of course, the challenge of FDE facing today’s IT admins is the ability to manage BitLocker enablement and recovery keys at scale. The good news is that a remote BitLocker management tool is available to simplify the process.

What is Full Disk Encryption (FDE)?

Full disk encryption is a feature of both Windows and macOS® to help IT admins protect their organization’s data. By using FDE, the hard drive is put into an encrypted state while at rest, and then decrypted by authorized users when needed. This decryption is done by entering the user’s system password, or via a unique recovery key which is generated per encrypted drive.

There is a bit of overhead for the user with slightly slower login times, but the benefits of protecting the data far outweigh that downside. Of course, the efficacy of FDE is partially reliant upon the end user’s ability to remember their system password. And, while an IT admin can use an associated recovery key to decrypt the volume in the case of a forgotten password, managing individual recovery keys is increasingly challenging as an organization scales.

Without a key escrow system to securely manage recovery keys, the disk’s data can be completely lost. Due to this, a Bitlocker management tool is essential for proper FDE enforcement.

Approaches to Bitlocker Management

When it comes to leveraging Bitlocker across entire Windows fleets, there are several approaches to management. Of course, IT admins can always elect to do so manually, seeking out each individual’s system, enabling Bitlocker, and escrowing the associated recovery key by hand. While this approach is easier done by smaller businesses, the process becomes arduous with more users involved. For these larger companies, as well as SMBs, finding remote Bitlocker management may be the best bet.

Remotely managing the enablement of (Read more...)

*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/remote-bitlocker-management/

Zach DeMeyer

Zach DeMeyer

Zach is a writer and researcher for JumpCloud with a degree in Mechanical Engineering from the Colorado School of Mines. He loves being on the cutting edge of new technology, and when he's not working, he enjoys all things outdoors, making music, and soccer.

zach-demeyer has 241 posts and counting.See all posts by zach-demeyer