Using BitLocker in Windows 7

BitLocker allows users to lock down workstations and mobile devices. But the drive-encryption technology isn't for all enterprises. Find out if it's the right security control for you.

BitLocker -- released with Windows Vista -- allows users to lock down workstations and mobile devices. This drive-encryption technology can minimize the ramifications of a theft or loss.

Many enterprises have little or no experience with BitLocker because Vista was not widely deployed. But that may change with Windows 7.

The latest incarnation of BitLocker features several configuration and extensibility improvements. The technology is not only simpler to enable than the original, but it can also encrypt non-OS drives and mobile storage devices like external hard drives and USB flash drives.

For small organizations looking for a quick answer to the drive-encryption dilemma, BitLocker is a practical -- and free -- solution, as long as they have the right hardware and version of Windows 7.

However, the technology may not work for midsize to large organizations.

A major factor to consider with BitLocker is the difference between price and long-term cost. Deployment costs can skyrocket because IT has to ensure BIOS support on every machine and enable the Trusted Platform Module (TPM) chip.

Furthermore, unless every system is running the right hardware and version of Windows 7, drive encryption -- and thus security and compliance -- won't be consistent across the board.

In addition, if an enterprise is moving toward true single sign-on, BitLocker won't be able to help unless users remember their TPM PINs. Also, if a TPM PIN or USB-based startup key is not used with BitLocker, the only thing keeping out snoops is the user's password.

Drive encryption is one of the most contentious security controls available.

It's hard to deny that many publicized mobile security breaches could have been avoided if drive encryption had been in place. I've always been a big advocate of mobile security, especially laptop and removable drive encryption -- it just seems essential.

But that doesn't necessarily mean it's for everyone in every situation. You have to understand where you're at risk and then find suitable controls to minimize those risks.

Some people argue that drive encryption is not worth the extra cost, but since drive encryption now ships with the operating system, this excuse may not be valid. Regardless, it is still important to consider the size of your business, the in-house resources available, and the visibility and control you need for security administration and compliance. Therefore, you have some homework to do before assuming that BitLocker is a good fit.

There's no wrong decision as long as you look at the big picture and do what's best for your business before jumping on the BitLocker bandwagon.

Kevin Beaver is an information security consultant, expert witness, author and professional speaker at Atlanta-based Principle Logic LLC. With over 22 years of experience in the industry, he specializes in performing independent security assessments around information risk management. He has authored/co-authored 10 books on information security including the best-selling Hacking For Dummies. In addition, he's the creator of the Security On Wheels information security audio books and blog providing security learning for IT professionals on the go. You can reach him through his website www.principlelogic.com, follow him on Twitter at @kevinbeaver and connect to him on LinkedIn.
