
Understanding Policies: BitLocker and FileVault 2




By implementing Policies, JumpCloud® admins automate much of their system security management across their Windows®, Mac®, and Linux® fleets. Two specific Policies, BitLocker and FileVault 2, are key for enforcing full disk encryption (FDE) at scale across an organization’s Windows and Mac systems.

What are the BitLocker and FileVault 2 Policies?

The BitLocker (Windows) and FileVault 2 (Mac) Policies enable full disk encryption for their respective operating systems. More on full disk encryption in just a bit.

Both policies leverage native settings accessed via the JumpCloud system agent to enable FDE on a system. Once enabled, the BitLocker and FileVault 2 Policies also collect the associated recovery key (a necessary backup for FDE) and store it in escrow for safekeeping.

Why Use These Policies?

FDE is the practice of encrypting a system’s hard drive so that its data is protected while at rest. That way, in the unfortunate event that a system is stolen or otherwise physically compromised, the data stored on its hard drive is inaccessible to anyone who doesn’t have the unique recovery key or the user’s password. In this manner, FDE is one of the most powerful ways to defend a system’s data if the hard drive is compromised.

Unfortunately, there are many examples of the physical theft of a laptop or other workstation leading to a data breach, especially among healthcare organizations. As such, many compliance regulations require some form of disk encryption for certification.

Many IT organizations, however, have found it difficult to enforce FDE across both Windows and Mac system fleets automatically at scale without leveraging several solutions to do so. Beyond that, very few FDE solutions on the market feature recovery key escrow, which is crucial to retrieving data on an encrypted drive should the end user forget their password or get locked out.

By leveraging the BitLocker and FileVault 2 Policies from JumpCloud, organizations can apply FDE en masse with just a couple of clicks. JumpCloud also stores individual recovery keys so IT organizations can still unlock encrypted drives if a hard drive is removed or an end user forgets their password and can’t unlock their computer.

How to Use the FDE Policies

IT admins can enable all JumpCloud Policies directly from the Directory-as-a-Service Admin Portal by going to the Policies tab and applying them either to individual systems or Groups of systems. You can watch the video above for a more detailed tutorial.

Not a JumpCloud Customer?

Interested in fleetwide policy management for FDE and other security features at scale? Try JumpCloud Directory-as-a-Service®, the first cloud directory service, absolutely free. Just sign up for a JumpCloud account, which includes 10 complimentary users to get you started.

