By Zach DeMeyer Posted January 30, 2019
The BitLocker full disk encryption (FDE) tool has easily become an indispensable feature of the Windows® operating system. With lost and stolen laptops with confidential data costing some organizations tens of millions of dollars in fines, enabling full disk encryption can be a simple, yet dramatically valuable safeguard. Of course, the challenge of FDE facing today’s IT admins is the ability to manage BitLocker enablement and recovery keys at scale. The good news is that a remote BitLocker management tool is available to simplify the process.
What is Full Disk Encryption (FDE)?
Full disk encryption is a feature of both Windows and macOS® to help IT admins protect their organization’s data. By using FDE, the hard drive is put into an encrypted state while at rest, and then decrypted by authorized users when needed. This decryption is done by entering the user’s system password, or via a unique recovery key which is generated per encrypted drive.
There is a bit of overhead for the user with slightly slower login times, but the benefits of protecting the data far outweigh that downside. Of course, the efficacy of FDE is partially reliant upon the end user’s ability to remember their system password. And, while an IT admin can use an associated recovery key to decrypt the volume in the case of a forgotten password, managing individual recovery keys is increasingly challenging as an organization scales.
Without a key escrow system to securely manage recovery keys, the disk’s data can be completely lost. Due to this, a Bitlocker management tool is essential for proper FDE enforcement.
Approaches to Bitlocker Management
When it comes to leveraging Bitlocker across entire Windows fleets, there are several approaches to management. Of course, IT admins can always elect to do so manually, seeking out each individual’s system, enabling Bitlocker, and escrowing the associated recovery key by hand. While this approach is easier done by smaller businesses, the process becomes arduous with more users involved. For these larger companies, as well as SMBs, finding remote Bitlocker management may be the best bet.
Remotely managing the enablement of BitLocker and recovery keys, however, can be a challenge. Recovery keys need to be stored securely in escrow, and if there are a large number of employees, it is critical to utilize a specialized tool to do so. Further, enabling BitLocker across entire fleets can be painful without a remote management solution. Of course, many organizations have more than just Windows machines, so this issue becomes even more complicated.
Remote Bitlocker Management from the Cloud
Luckily, remote BitLocker management (and FileVault) is available through a cloud identity management platform called Directory-as-a-Service® from JumpCloud®. In addition to user management capabilities, this cloud identity provider has deep system management capabilities including policies for FDE. IT admins can enable BitLocker and FileVault on their systems and securely escrow and manage individual recovery keys.
If your organization is looking for a remote Bitlocker management tool, contact us to learn more. Also, if you are interested in trying out the first cloud directory service, simply sign up for Directory-as-a-Service today. You can try the entire JumpCloud platform absolutely free, with ten users included with your account forever.