Using BitLocker? Here’s how to reap its benefits
4 October 2018
Garry McCracken, VP of Technology Partnerships at WinMagic, outlines the hidden gems that BitLocker can help any organisation with, when paired with the right tools.
BitLocker is a great solution, doing the focused work it specialises in brilliantly: delivering fast, integrated encryption protection for Windows environments. But BitLocker only covers Windows devices and also requires tools to enforce and prove compliance in the case of device loss or theft.
I doubt your enterprise operates on only one platform or restricts data access to just corporately owned devices. So, it makes sense that relying solely on the native encryption protection offered by BitLocker will leave you with significant security and compliance gaps.
That is not to say that BitLocker is bad; in fact, far from it. Pairing it with the right tools is the way to unlock the true hidden gems that can be enabled with this foundational piece of Microsoft technology and bring a number of significant benefits to your organisation. Here is a whistle-stop tour of four of these gems, waiting to be discovered.
Making BitLocker work for compliance
Let’s be frank: the main reason anyone deploys encryption is compliance. It’s the number one driver for new installations and with the General Data Protection Regulation now live, it continues to be a top IT concern. Because BitLocker doesn’t come with centralised management, visibility and control, you can’t use it to prove encryption protection, in the way regulators require.
Any user with privileged administration rights can tamper with encryption settings and disable BitLocker, for malicious reasons or just because they find the complex PIN access obstructive or irritating. Using the right management tools can enhance the user experience and improve the security of BitLocker in such a way that compliance can be monitored across the Windows estate and other operating systems present in the infrastructure from a single console.
Take back control of encryption costs
Managing encryption keys is seriously difficult and costly across today’s typically complex IT infrastructure. Managing BitLocker with its own tool set requires an investment in multiple new servers and hardware drivers – BitLocker might be free, but those items are not.
How that encryption environment is managed is the key to its success: good management can cut costs and reduce downtime, driving up the productivity of help-desk and IT admin staff, as well as of employees when they encounter problems.
BitLocker’s own management tools fall short in this regard, but replacing them with a third-party tool can lead to improvements that more than cover the costs of the tool and improve the quality of protection and level of compliance the organisation achieves.
Manage diverse and growing endpoints
BitLocker is a great foundation for Windows security. However, the lack of centralised management can leave you struggling with huge numbers of low-level help-desk tasks such as password resets. Devices can be so geographically dispersed that it is very difficult to reach them in order to unlock them, but BitLocker does integrate well with other software to make this an easy task, wherever the device is and however it is connected.
Using pre-boot code on the device as part of your management suite creates a secure point, before the device boot process, at which BitLocker can be controlled and managed by administrators. This gives users all the power of BitLocker, without compromising on its usability or tying the hands of administrators when they need to act to resolve problems, or make configuration changes.
Transform user experiences
In this new competitive era, security designed to liberate productivity, not hamper it, is the must-have. As a result, the user now takes a lead role on the security stage.
Some enterprises even elect user groups to help influence and ensure more UX-friendly IT purchase decisions. BitLocker is great for locking down Windows, but it’s not built with the user experience in mind.
In fact, users need to remember lots of different and complex PINs to log on to every single device. There are many options for extending the usability of BitLocker so that seamless access and uptime can be ensured, helping to maintain or even improve productivity for staff.
A gem among gems
BitLocker is a great technology, but alone it is not up to the tasks the modern enterprise requires: managing encryption across devices, operating systems, geographies and users in a way that ensures compliance and a good experience for users and IT administrators alike.
Without question it is a key component in realising the gems we’ve outlined above, but it needs to be paired with tools that can harness its encryption technology across the enterprise, rather than having it operate in isolation. As we all know in the IT world, the harder we make a task, the more likely it is to fail, or be compromised by attackers and ingenious employee workarounds. When it comes to security and compliance, we cannot allow either of those to happen – the risks are too great.