The IT Guide to Enforcing Full Disk Encryption: Windows Edition – Security Boulevard

By Zach DeMeyer Posted November 27, 2019

Full disk encryption (FDE) is one of the most critical security features to enable on your users' systems. Realizing this, both Microsoft and Apple created FDE software for their respective operating systems. In this post, we will focus on BitLocker, Microsoft's FDE solution, and guide you on how to enforce FDE for Windows systems.

When enabled, FDE software like BitLocker encrypts the hard drive while its data is at rest. In order to unlock the drive for use (that is, decrypt it), the system's user needs to enter their password. That way, if a bad actor steals a machine and removes the hard drive, they still cannot access the data stored on it.

As a failsafe, BitLocker and other FDE software generally include some sort of recovery key that unlocks a drive in case an IT admin removes the drive from a damaged system or the user forgets their password. These keys need to be properly managed to ensure that the drive can be securely recovered later if need be, but more on that in a second.

Over the years, many hackers have breached organizations because a stolen system or hard drive contained confidential information. By locking down the drive entirely, organizations prepare themselves for the worst and can rest assured knowing their data is encrypted at rest.

Additionally, several compliance regulations demand some form of disk encryption to meet requirements. Enforcing FDE for Windows (and other) systems ticks that major box on IT admins' compliance checklist.

For Windows, IT admins can enable BitLocker fairly easily by means of a policy or a software solution specific to managing BitLocker. The process is generally straightforward: an admin chooses a Windows system (or group of systems) and turns on BitLocker using one of these methods. By the next system reboot, BitLocker encrypts the at-rest hard drive.
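Once a policy has turned BitLocker on, an admin still needs to confirm that it took effect and that a recovery protector exists. The following is an added example, not part of the original article: it assumes an elevated PowerShell session on a Windows system with the built-in BitLocker module, and `Test-BitLockerCompliance` is a hypothetical helper name.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker enforcement on the local machine.
# Test-BitLockerCompliance is a hypothetical helper, not a built-in cmdlet.

function Test-BitLockerCompliance {
    param(
        # Defaults to every volume BitLocker reports on this system.
        [object[]]$Volume = (Get-BitLockerVolume)
    )
    foreach ($v in $Volume) {
        # Collect protector types (Tpm, RecoveryPassword, TpmPin, ...).
        $types = @(foreach ($kp in $v.KeyProtector) { [string]$kp.KeyProtectorType })

        $findings = @()
        if ([string]$v.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "not fully encrypted ($($v.VolumeStatus), $($v.EncryptionPercentage)%)"
        }
        if ([string]$v.ProtectionStatus -ne 'On') {
            # Encrypted data with protection off leaves the key in the clear on disk.
            $findings += 'protection suspended or off'
        }
        if ($types -notcontains 'RecoveryPassword') {
            $findings += 'no recovery password protector'
        }

        [pscustomobject]@{
            MountPoint = $v.MountPoint
            VolumeType = $v.VolumeType
            Protectors = $types -join ','
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

$report = Test-BitLockerCompliance
$report | Format-Table -AutoSize

# Non-zero exit code lets a management agent flag the machine.
if ($report.Compliant -contains $false) { exit 1 }
```

The check confirms only that a recovery password protector exists on the volume; it does not show that the key has been stored anywhere an admin can retrieve it.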

Although enforcing FDE on Windows systems is relatively easy, managing BitLocker FDE after the fact is another story. Many FDE enablement
