The BitLocker full disk encryption (FDE) tool has become an indispensable feature of the Windows® operating system. Lost and stolen laptops holding confidential data have cost some organizations tens of millions of dollars in fines, so enabling full disk encryption can be a simple yet dramatically valuable safeguard. The challenge FDE poses for today’s IT admins is managing BitLocker enablement and recovery keys at scale. The good news is that a remote BitLocker management tool is available to simplify the process.
What is Full Disk Encryption (FDE)?
Full disk encryption is a feature of both Windows and macOS® that helps IT admins protect their organization’s data. With FDE, the hard drive is kept in an encrypted state while at rest and is decrypted by authorized users when needed. Decryption is done by entering the user’s system password or a unique recovery key, which is generated per encrypted drive.
There is a bit of overhead for the user with slightly slower login times, but the benefits of protecting the data far outweigh that downside. Of course, the efficacy of FDE is partially reliant upon the end user’s ability to remember their system password. And, while an IT admin can use an associated recovery key to decrypt the volume in the case of a forgotten password, managing individual recovery keys is increasingly challenging as an organization scales.
Without a key escrow system to securely manage recovery keys, the disk’s data can be completely lost. Due to this, a BitLocker management tool is essential for proper FDE enforcement.
Approaches to BitLocker Management
When it comes to leveraging BitLocker across entire Windows fleets, there are several approaches to management. IT admins can always elect to do so manually: seeking out each individual’s system, enabling BitLocker, and escrowing the associated recovery key by hand. While this approach is easier for smaller businesses, the process becomes arduous as more users are involved. For these larger companies, as well as SMBs, finding remote BitLocker management may be the best bet.
Remotely managing the enablement of ...
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Zach DeMeyer. Read the original post at: https://jumpcloud.com/blog/remote-bitlocker-management/