Stay safe, especially when storing sensitive data, with BitLocker Drive Encryption.
February 13, 2019

Stay safe, especially when storing sensitive data, with BitLocker Drive Encryption.

Roger Mialkowski | TrustRadius Reviewer
Score 8 out of 10
Vetted Review
Verified User
Review Source

Overall Satisfaction with BitLocker Drive Encryption

BitLocker Drive Encryption is used by my company to secure all customer data and backups. In the event of a breach, the bad actor would need to also be able to break into the encrypted volumes to gain access. It's another barrier that would have to be crossed, which may deter the attackers. It is easy to set up and is included with Windows 10 Professional along with Windows Server operating systems.
  • On my customer's machines, it's convenient that BitLocker can be set up to automatically open an encrypted volume so that my customer doesn't have to enter the passphrase every time they log in.
  • BitLocker is compatible with NTFS and ReFS which gives you options for your storage.
  • There doesn't really appear to be any performance penalty for encrypted volumes, so it is a seamless experience.
  • When encrypting external devices such as USB flash drives or USB/eSATA hard drives, it would be handy if there was a cross-platform (MacOS, Linux) utility to at least be able to read the encrypted data after entering the passphrase.
  • A variety of crypto ciphers would be a good option for BitLocker to offer.
  • A self-destruct option would be helpful if an attacker were to try to brute-force passphrases to attempt to gain access to the encrypted volume.
  • Companies that store financial information would benefit from BDE since their clients' data would be encrypted and that would help in audits and avoiding fines for not securing that data.
  • BDE is included in higher-end consumer operating systems and Windows Server operating systems, which means you won't have to spend extra money on 3rd party products, support, or maintenance renewals.
  • The learning curve is very small since BDE is built into the Windows operating system, so you don't have to worry about compatibility or additional software installations.
An open-source freeware alternative to BDE that comes to mind would be VeraCrypt. It is the continuation of the TrueCrypt project which was abruptly halted a few years back. VeraCrypt does offer additional crypt ciphers to choose from, so that feature is good to have and BDE lacks that at this time. I have concerns about using full disk encryption of the boot drive using VeraCrypt though, because it's hard to tell when a Windows patch/upgrade may break the low-level drivers of VeraCrypt, so I typically opt to use BDE for boot drive full disk encryption.
BitLocker Drive Encryption should be a standard business practice for any company that stores sensitive data on servers and/or external storage devices such as USB or eSATA. I've seen many businesses use external storage devices as a destination for individual computer backups, but then the backups themselves are not encrypted and anyone can simply grab the USB/eSATA device and run off with it, now having access to the unprotected backups stored on it.