A quick guide on how to manage Microsoft BitLocker in an enterprise.

  • By BitTruster
  • April 8, 2021

Any enterprise that stores data needs encryption software in its systems. Microsoft created BitLocker for Windows in order to build a safe environment for data. However, let's clear some things up first. What does BitLocker really do? To put it in the simplest form, BitLocker secures data by encrypting it, converting it into a form that cannot be read without authenticated decryption using a recovery key. When it comes to storing and managing data in an enterprise, that is the CIO's or CISO's job. If you're the CIO or CISO of your organization, or you're simply interested in managing BitLocker, this blog post is for you.

Every organization has information that must be protected at all costs. The larger the organization, the greater the need to protect it. Securing data is now a priority of doing business. The first thing to do is to fully understand the current enterprise environment that BitLocker will be operating in.
To do so, an informal audit is required. What are the current policies and procedures of your enterprise? What's the hardware environment? At times, when installing BitLocker, unforeseen additional hardware requirements come up and end up costing more than anticipated. For instance, if you have deployed a Windows OS that includes BitLocker, you need a Trusted Platform Module chip in each device in order to access the full features of BitLocker. Adding a Trusted Platform Module chip to every device that runs Windows means investing around $30 for each. What about the cost of BitLocker itself? Sometimes you only understand the full cost of maintaining software after it has been implemented, as the example of the unforeseen hardware above shows. Installing BitLocker is free; maintaining it is not. Managing BitLocker means that at different times you might need to upgrade some of your enterprise Windows licenses or keep an eye out for additional Microsoft software to support BitLocker Administration and Monitoring. These require their own Windows and SQL servers, which contribute to even higher expenses.
Taking all of this into consideration, let's jump into some tips and tricks every CIO and CISO should know when managing BitLocker. If your enterprise only needs a baseline level of data protection to meet security policies, then BitLocker's Trusted Platform Module (TPM)-only authentication method will suffice. This method, however, is seen as more suitable for computers that can be rebooted without any supervision. You should also consider that although this is the least expensive form of authentication, it's also the least powerful. If your enterprise is storing highly sensitive data, the best option is to deploy BitLocker with multi-factor authentication on those systems.
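
As a starting point for the informal audit and the TPM-only versus multi-factor decision described above, the following added example (not from the original post or from BitTruster) reports whether a device has a usable TPM and how its operating system volume is authenticated. The helper name `Get-BitLockerAuthClass`, the class labels and the `Review` column are hypothetical; the script assumes an elevated PowerShell session on Windows with the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on Windows; uses the built-in Get-Tpm and Get-BitLockerVolume cmdlets.

# Hypothetical helper: map a volume's key protector types to an authentication class.
function Get-BitLockerAuthClass {
    param([string[]]$ProtectorTypes)
    # TPM combined with a PIN and/or startup key is multi-factor pre-boot authentication.
    $multiFactor = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'
    if ($ProtectorTypes | Where-Object { $_ -in $multiFactor }) { return 'TPM + second factor' }
    if ($ProtectorTypes -contains 'Tpm') { return 'TPM-only' }
    if ($ProtectorTypes | Where-Object { $_ -in 'Password', 'ExternalKey' }) { return 'No TPM protector' }
    return 'No unlock protector'
}

# Hardware check: is a TPM present and ready for BitLocker to use?
$tpm = Get-Tpm
if (-not $tpm.TpmPresent) {
    Write-Warning 'No TPM detected: TPM-based BitLocker protectors are unavailable on this device.'
} elseif (-not $tpm.TpmReady) {
    Write-Warning 'TPM present but not ready: it must be provisioned before BitLocker can use it.'
}

# Report the operating system volume, where TPM protectors apply.
Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' } | ForEach-Object {
    $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $class = Get-BitLockerAuthClass -ProtectorTypes $types
    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        MountPoint          = $_.MountPoint
        VolumeStatus        = $_.VolumeStatus
        ProtectionStatus    = $_.ProtectionStatus
        AuthClass           = $class
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
        # TPM-only meets a baseline; the post recommends multi-factor for sensitive systems.
        Review              = $class -ne 'TPM + second factor'
    }
}
```

Rows with `Review` set to `True` are the ones to compare against your list of systems that hold highly sensitive data.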

The biggest challenge IT departments in an enterprise face is keeping costs low while maintaining secure and effective data encryption software, keeping all corporate data safe, fully complying with data privacy legislation and keeping their clients happy. So what to do in this case? BitTruster was created specifically to make BitLocker easy to manage. Our mission at BitTruster is to provide a very simple, focused and cost-effective solution for implementing and managing BitLocker.
Now that you know the cost of managing BitLocker, is the solution clear yet?