Full disk encryption (FDE) solutions are more important than ever. With data breaches costing organizations both significant dollars and reputational damage, IT admins aren’t willing to take the risk of a lost or stolen laptop with unencrypted confidential data. For example, the average data breach typically costs a company $3.86M, and when the stakes are this high, it’s important to operate with vigilance. One way that IT admins are being proactive is by implementing FDE tools like BitLocker on Windows® and FileVault® 2 on macOS®. But before we go any further, we must first ask: what is BitLocker management, and what similar solutions can help IT admins execute on FDE?
Microsoft® introduced its FDE utility many years ago and dubbed it BitLocker. This utility encrypts hard drives while they are at rest. All a user has to do is enter their password to decrypt the hard drive. From an end user’s perspective, it’s a seamless experience. For IT admins, it’s also pretty easy to enable FDE for individual users. But across an entire enterprise, the challenge ratchets up quickly. When you consider that most IT environments are not homogeneous, remotely executing commands across entire computing fleets to enable FDE is not a simple task. And once FDE is enabled, another challenge confronting IT admins stems from password management. IT admins know that a forgotten password can spell disaster for endpoints protected by FDE solutions, because the problem represents lost data and downtime for users.
The Key to a Forgotten Password
Luckily, for users who have forgotten their password, both BitLocker and FileVault create recovery keys to decrypt drives when the need arises. So, while that’s welcome news for the user, the process of storing recovery keys is a major hassle for IT admins. The reason recovery key storage represents a hardship for IT admins is that it is a very manual process and one rife with insecure practices. IT admins could write down all the recovery keys and keep them hidden in a file cabinet. Or, they could (Read more...)
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Ryan Squires. Read the original post at: https://jumpcloud.com/blog/security/bitlocker-management/