When you protect the information on a drive using MS BitLocker encryption, the process generates a unique 48-digit recovery key, a numerical password that can be used to unlock your system.
BitLocker is the Windows encryption technology that protects your data from unauthorized access, so this key is required when BitLocker cannot confirm by other means that an attempt to access the system drive is authorized. Apart from outright unauthorized access attempts, this can also happen if you make changes to hardware, firmware, or software that BitLocker cannot distinguish from a possible attack.
The BitLocker encryption key is not stored locally on the machine, which makes sense from a security perspective, but it can create problems for normal authorized access to the endpoint.
BitTruster and our centralized encryption management solution solve this challenge by storing the encryption keys for all machines under management in a central repository so that they are available and can be shared with users as needed.
In addition to the recovery keys, BitTruster also stores the actual key packages, which would be needed if there is a more severe technical or mechanical problem with accessing and potentially restoring information on a drive encrypted using MS BitLocker.
If you want to implement the widely available added security function of pre-boot authentication using TPM and potentially a PIN code, this can also be centrally rolled out and managed with BitTruster. If PIN codes are used, they are randomly generated and centrally stored before being communicated to users, to ensure future access to the machine(s).