Full Disk Encryption using Microsoft BitLocker

“One of our laptops was stolen! Please help!” Our help desk here at Applied Tech has heard those panicked words from our customers a few times. All too often, the ramifications of losing company assets aren’t considered until after the fact. The loss of the capital expenditure is bad enough, but sometimes the data stored on the hardware is much more costly. Add in the fines and fees associated with data breaches, especially for regulated industries like healthcare (HIPAA), financial services (GLBA), and credit card processing (PCI-DSS), plus post-incident investigations, auditing, and bad publicity, and you can see the theft is just the tip of the iceberg.

A first step your company can take to prevent data from falling into the wrong hands via physical theft is Full Disk Encryption (FDE). There are several software options to choose from, and one of the most popular for businesses is Microsoft BitLocker, a feature built into Windows 8.1 and Windows 10 Professional and Enterprise Editions. Leveraging a PIN, password, and/or TPM (Trusted Platform Module) chip, BitLocker renders a computer’s hard drive unreadable to anyone without the decryption key, including when the drive is installed in another PC. This prevents the thief from booting into another operating system to reset the password, or attaching the hard drive to another PC to read its data. Sure, the thief can wipe the hard drive clean and reuse it, but at least the data is safe. BitLocker may also be used to enforce encryption of USB hard drives, thumb drives, flash cards, and other removable storage.

From an employee’s perspective, the PC simply prompts for a PIN or password after powering on, before booting into Windows. If BitLocker is protected with TPM-only, the encryption is completely transparent to the user, with no prompts for a PIN or password (however, this offers less protection than if TPM is used in conjunction with a PIN or password). Meanwhile, a copy of the decryption key is backed up in Active Directory, in case the computer user forgets the password, IT needs to perform data recovery from a damaged computer, or the employee leaves the company on unfriendly terms.

 

Microsoft also provides a server-side component of BitLocker, called Microsoft BitLocker Administration and Monitoring Server (MBAM, not to be confused with the popular anti-malware software that shares the same acronym). MBAM allows automated deployment of BitLocker to all compatible PCs on the network, including PCs added to the network at some point in the future. It also provides a means of self-service key recovery, so employees who forget their password don’t need to contact IT to get logged in. Finally, it provides reports of BitLocker compliance, which are useful for auditing the use of BitLocker on your network and, if and when a theft does occur, for showing auditors that you have done due diligence in preventing a data breach.
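The TPM-only versus TPM-plus-PIN distinction and the compliance reporting described above can be checked per machine with the built-in BitLocker cmdlets. The following is an added example, not Applied Tech's or Microsoft's own tooling: the function name `Get-BitLockerFinding` and the sample volumes are constructed for illustration, and the input objects are assumed to have the shape returned by `Get-BitLockerVolume`.

```powershell
# Added example: flag volumes that are unprotected, TPM-only, or lack a recovery password.
function Get-BitLockerFinding {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][object]$Volume)
    process {
        # Normalise protector types to strings (real output uses an enum).
        $types = @($Volume.KeyProtector | Where-Object { $_ } |
                   ForEach-Object { "$($_.KeyProtectorType)" })
        $findings = @()
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $findings += 'protection off'
        }
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "volume status is $($Volume.VolumeStatus)"
        }
        # Protectors that require something from the user before Windows boots.
        $preboot = 'TpmPin', 'TpmPinStartupKey', 'TpmStartupKey', 'Password'
        if ($types -contains 'Tpm' -and -not ($types | Where-Object { $_ -in $preboot })) {
            $findings += 'TPM-only: no PIN or password at boot'
        }
        # Without a recovery password there is nothing to escrow in Active Directory
        # (Backup-BitLockerKeyProtector performs the escrow; this check cannot confirm it ran).
        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password protector'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Protectors = $types -join ','
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# Constructed sample data so the example runs without BitLocker or elevation.
function New-SampleVolume($Mount, $Protection, $Status, [string[]]$Types) {
    [pscustomobject]@{
        MountPoint = $Mount; ProtectionStatus = $Protection; VolumeStatus = $Status
        KeyProtector = @($Types | ForEach-Object { [pscustomobject]@{ KeyProtectorType = $_ } })
    }
}
$sample = @(
    New-SampleVolume 'C:' 'On'  'FullyEncrypted' @('TpmPin', 'RecoveryPassword')
    New-SampleVolume 'D:' 'On'  'FullyEncrypted' @('Tpm')
    New-SampleVolume 'E:' 'Off' 'FullyDecrypted' @()
)
$sample | Get-BitLockerFinding | Format-Table -AutoSize -Wrap
# On a real PC, from an elevated prompt: Get-BitLockerVolume | Get-BitLockerFinding
```

With the sample data, only `C:` is reported as compliant; `D:` is flagged as TPM-only with no recovery password, and `E:` as unprotected.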

While other preventative measures are still required for common threats like malware, ransomware, or phishing attacks, Full Disk Encryption such as BitLocker is a simple, effective, and important piece of the information security puzzle. If information security is at the top of your radar, you might also be interested in the following topics: endpoint protection, software patches, principle of least privilege, backups, Unified Threat Management (UTM) firewalls, Data Loss Prevention (DLP), Mobile Device Management (MDM), or Multi-Factor Authentication (MFA).

For more information, and if you are interested in keeping your devices safe and secure, reach out to Applied Tech at (608)729-1300.
