Microsoft Windows Whole Drive Encryption Solution - Worth Considering
February 04, 2019
Microsoft Windows Whole Drive Encryption Solution - Worth Considering
Score 9 out of 10
Vetted Review
Verified User
Overall Satisfaction with BitLocker Drive Encryption
In this world with an increased need for data security and all the compliance initiatives, data and drive encryption has become a necessity. We use BitLocker Drive Encryption (BitLocker) on any Windows server that contains any personally identifiable information (PII), or sensitive personal information (SPI) or Protected health information (PHI). It has become a standard part of our security policy. BitLocker can only be used to encrypt the entire drive in a Windows product and not specific folders. If you see a folder option to encrypt contents to secure data, that is Encrypting File System (EFS) not BitLocker. We also use BitLocker on laptops to protect and secure information in the case of loss or theft.
- Encrypts the entire drive and provides a high level of security.
- In an Active Directory environment, you can set up BitLocker to automatically save keys to AD.
- As part of Windows, no additional licensing costs.
- Set up and configuration is relatively easy.
- Uses TPM module to increase security.
- There is a read/write impact on performance, but the protection is well worth the minor performance hit.
- Protects against data loss and theft, which can be very expensive if PII, SPI, PHI is involved. Fines for this type of loss can be very high, along with the costs of notification, and discovery.
- Cost is included in Windows O/S, without needing additional licensing costs.
Previously used TrueCrypt until vulnerabilities were discovered. Overall performance improved when going from TrueCrypt to BitLocker.