Using JumpCloud® Policies, admins can remotely enable and enforce Windows® BitLocker and Mac® FileVault full disk encryption (FDE). FDE is a buzzword being thrown around the IT industry a lot these days, but why is it important?
Why FDE is Important
In a day and age where data is invaluable, protecting it deserves the same regard. This task is easier said than done; data can be accessed, and therefore compromised, in a variety of forms. One form that often goes unprotected is data at rest, that is, data stored on the hard drive of a Mac, Windows, or Linux system.
For servers and databases, there are several solutions on the market that IT admins can use to encrypt their data, protecting them in case of theft. Additionally, the act of physically stealing a server or database requires an Ocean’s Eleven level of heist, making them less of a target for data thieves. And, while there aren’t too many Brad Pitts or George Clooneys looking to get into AWS data centers physically, there are a lot of them looking to get in virtually and steal data.
Computers (laptop or desktop workstations), on the other hand, are much easier to swipe. Forbes reports that “one laptop is stolen every 53 seconds.” Even if the system itself is locked down, tech-savvy burglars can simply eject the system’s hard drive and pilfer the juicy data stored inside.
Due to this fallibility, Microsoft® and Apple developed BitLocker and FileVault (respectively) as a way to lock down data when the hard drive is at rest. This full disk encryption became an industry standard for keeping data at rest safe. In fact, several compliance standards, such as PCI and HIPAA, require full disk encryption to achieve full compliance, and GDPR strongly recommends the practice.
The Trouble with FDE
Despite this, organizations have yet to widely implement and enforce BitLocker and FileVault across their system fleets. While solutions exist on the market to enable the FDE programs, enforcing them is increasingly difficult, especially across heterogeneous, cross-platform environments.
One such difficulty lies in the recovery key, which is akin to a complex, nigh-uncrackable password that is unique to each encrypted drive. The recovery key is used when the encrypted hard drive needs to be recovered for any reason. Given the importance of these keys, admins need to store them in a secure and easily accessible way. Many available FDE management solutions cannot store recovery keys, or cannot make them easily accessible while keeping them secure.
FDE Management Made Easy
An ideal system management solution would be able to remotely enable and enforce BitLocker and FileVault across entire Windows and Mac system fleets, along with securely storing recovery keys in escrow. Thankfully, Directory-as-a-Service® is such a solution.
JumpCloud Directory-as-a-Service is a cloud directory service for the modern era. The solution is capable of managing cross-platform environments (Windows, Mac, and Linux®) using cross-platform Policies, which are similar to the Group Policy Objects (GPO) that made Microsoft Active Directory® so popular among Windows admins.
One such policy enables and enforces FDE remotely on systems managed in JumpCloud, securely storing the respective recovery key in escrow for use whenever necessary. The entire process happens silently using the JumpCloud system agent in the background.
Try JumpCloud Free
JumpCloud’s abilities don’t stop at system management. Admins can use Directory-as-a-Service to federate user identity access to applications (cloud and on-prem using LDAP and SAML), networks (using RADIUS), servers, and other essential IT resources using a single, secure credential. Since it is a cloud-based directory, IT organizations can control their entire environment from a centralized, easy-to-use browser console.
The entire JumpCloud Directory-as-a-Service product is available absolutely free for ten users or fewer. All you have to do is sign up for an account. If you have any questions about FDE with JumpCloud, or any additional concerns with the Directory-as-a-Service product, please contact us or consult our Knowledge Base for more information.