Remotely Enable/Enforce BitLocker & FileVault



Using JumpCloud® Policies, admins can remotely enable and enforce Windows® BitLocker and Mac® FileVault full disk encryption (FDE). FDE is a buzzword thrown around the IT industry a lot these days, but why is it important?

Why FDE is Important

FDE for Mac and Windows machines

In a day and age where data is invaluable, protecting it deserves the same regard. That is easier said than done: data can be accessed, and therefore compromised, in a variety of forms. One form that often goes unprotected is data at rest, that is, data stored on the hard drive of a Mac, Windows, or Linux system.

For servers and databases, there are several solutions on the market that IT admins can use to encrypt their data, protecting them in case of theft. Additionally, the act of physically stealing a server or database requires an Ocean’s Eleven level of heist, making them less of a target for data thieves. And, while there aren’t too many Brad Pitts or George Clooneys looking to get into AWS data centers physically, there are a lot of them looking to get in virtually and steal data.

Computers (laptop or desktop workstations), on the other hand, are much easier to swipe. Forbes reports that “one laptop is stolen every 53 seconds.” Even if the system itself is locked down, tech-savvy burglars can simply eject the system’s hard drive and pilfer the juicy data stored inside.

Due to this weakness, Microsoft® and Apple developed BitLocker and FileVault (respectively) as a way to lock down data when the hard drive is at rest. This full disk encryption became an industry standard for keeping data at rest safe. In fact, several compliance standards, such as PCI and HIPAA, require full disk encryption to achieve full compliance, and GDPR strongly recommends the practice.

The Trouble with FDE

Despite this, organizations have yet to widely implement and enforce BitLocker and FileVault across their system fleets. While solutions exist on the market to enable the FDE programs, enforcing them is increasingly difficult, especially across heterogeneous, cross-platform environments.

One such difficulty lies in the recovery key, which is akin to a complex, nigh-uncrackable password that is unique to each encrypted drive. The recovery key is used when the encrypted hard drive needs to be recovered for any reason. Given the importance of these keys, admins need to store them in a way that is both secure and easily accessible. Many of the FDE management solutions available cannot store recovery keys, or cannot make them easily accessible yet secure.

FDE Management Made Easy

An ideal system management solution would be able to remotely enable and enforce BitLocker and FileVault across entire Windows and Mac system fleets, along with securely storing recovery keys in escrow. Thankfully, Directory-as-a-Service® is such a solution.

JumpCloud Directory-as-a-Service is a cloud directory service for the modern era. The solution is capable of managing cross-platform environments (Windows, Mac, and Linux®) using cross-platform Policies, which are similar to the Group Policy Objects (GPO) that made Microsoft Active Directory® so popular among Windows admins.

One such policy enables and enforces FDE remotely on systems managed in JumpCloud, securely storing the respective recovery key in escrow for use whenever necessary. The entire process happens silently using the JumpCloud system agent in the background.

Try JumpCloud Free

JumpCloud’s abilities don’t stop at system management. Admins can use Directory-as-a-Service to federate user identity access to applications (cloud and on-prem using LDAP and SAML), networks (using RADIUS), servers, and other essential IT resources using a single, secure credential. Since it is a cloud-based directory, IT organizations can control their entire environment from a centralized, easy-to-use browser console.

The entire JumpCloud Directory-as-a-Service product is available absolutely free for ten users or fewer. All you have to do is sign up for an account. If you have any questions about FDE with JumpCloud, or any additional concerns with the Directory-as-a-Service product, please contact us or consult our Knowledge Base for more information.

