{"id":45820,"date":"2020-04-16T15:00:00","date_gmt":"2020-04-16T21:00:00","guid":{"rendered":"https:\/\/jumpcloud.com\/?p=45820"},"modified":"2020-04-15T14:39:29","modified_gmt":"2020-04-15T20:39:29","slug":"set-up-fde-remote","status":"publish","type":"post","link":"https:\/\/jumpcloud.com\/blog\/set-up-fde-remote","title":{"rendered":"Set Up Full Disk Encryption for Remote Systems"},"content":{"rendered":"\n
Now that much of the world works remotely, IT admins have their hands full. A key part of their job now is to secure remote systems. Among the many problems that involves, one in particular is how to set up full disk encryption (FDE) for remote systems.<\/p>\n\n\n\n
IT admins always want to be sure that their corporate data is safe, but with a fully remote workforce, IT has less control over the systems that have access to that data. After all, systems can be easily stolen or compromised<\/a>, and when they are outside of IT\u2019s sphere of influence, that risk is multiplied.<\/p>\n\n\n\n A best practice to enforce when IT admins are unsure of their systems\u2019 security is full disk encryption. FDE \u2014 called BitLocker on Windows\u00ae<\/sup> machines and FileVault 2 on macOS\u00ae<\/sup><\/a> systems \u2014 uses system software components to ensure that hard drives are encrypted when at rest.<\/p>\n\n\n\n With FDE, a hard drive is constantly encrypted until a user logs in to the system. That means that if the user\u2019s system is stolen, the data stored inside is inaccessible unless the user\u2019s identity is compromised as well. If the user forgets their password, the drive can only be decrypted through its unique recovery key, which IT needs to store in escrow for safekeeping.<\/p>\n\n\n\n In order to implement FDE, IT organizations often need to be able to remotely activate system-level configurations through a group policy tool or similar solution. This can often be accomplished through a directory service or a device management tool<\/a>, although remote workers add another layer of complexity if those solutions aren\u2019t cloud-based, since they fall outside of the immediate domain of on-prem tools.<\/p>\n\n\n\n Of course, the issue isn\u2019t just enabling FDE but also managing the entire process. Although FDE is great to protect against data loss via hard drive theft, it can also lead to data loss if users forget their passwords. Thus, IT admins want to ensure that each system has a recovery key that\u2019s stored securely and accessible to the IT admin in the case of an issue.<\/p>\n\n\n\nLeveraging the Cloud to Set Up FDE Remotely<\/h2>\n\n\n\n