Protecting your personal data should be a top priority for all users, but unfortunately this can get costly with third-party solutions. Microsoft has included a volume encryption mechanism since Windows Vista, but only in two product SKUs: Windows Vista Enterprise and Windows Vista Ultimate. This feature segregation has continued into Windows 7, but in my humble opinion it is worth the price of admission to Windows 7 Ultimate for the consumer world and Windows 7 Enterprise for the business space.
Of course there are improvements, some of which are:
BitLocker’s requirements are very reasonable:
Once all the requirements have been fulfilled, enabling BitLocker is as simple as going to the Control Panel, then System and Security, and choosing BitLocker Drive Encryption. You can choose which volumes you wish to encrypt, and the wizard will walk you through the rest. In some cases you will have to go into the BIOS of your computer and turn on the TPM chip, but the BitLocker wizard should tell you to do that. I won’t bother going through all the steps to enable BitLocker because Microsoft has already published a very detailed TechNet article on that very subject: BitLocker Drive Encryption Step-by-Step Guide for Windows 7
BitLocker will encrypt your system or data volumes, making it impossible for someone to read the contents of the device should they get physical access to your drive. The volume would appear to another Windows machine as an unformatted volume, and without the recovery key, the contents would be impossible to recover.
Another situation in which BitLocker can save an organization or individual valuable time is when you are retiring, donating, or discarding hardware. Traditionally it is recommended that you run a utility that will “zero” out the disk to try to destroy all the data that was on the drive. With BitLocker enabled, all you would have to do is clear out the recovery key from the TPM chip and/or not include the USB key containing the recovery key, and the volume is unrecoverable. I don’t know about you, but I prefer a method that takes minutes over a drive wipe that could take hours to complete and that will only take longer as drive volumes continue to increase.
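Both points above (a stolen drive being unreadable, and a retired drive being unrecoverable once its keys are gone) hold only for a volume that is fully encrypted with protection turned on. The following check is an added example, not part of the original article or Microsoft's guide; it assumes an elevated PowerShell prompt and reads the state through the `Win32_EncryptableVolume` WMI class.

```powershell
# Added example: report whether each BitLocker volume is actually protected at rest.
# Assumes an elevated prompt; written for PowerShell 2.0 as shipped with Windows 7.
$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

# Value maps for the results of the Win32_EncryptableVolume methods used below
$conversion = @{ 0 = 'Fully decrypted';        1 = 'Fully encrypted'
                 2 = 'Encryption in progress'; 3 = 'Decryption in progress'
                 4 = 'Encryption paused';      5 = 'Decryption paused' }
$protector  = @{ 0 = 'Unknown';            1 = 'TPM'
                 2 = 'External key';       3 = 'Numerical password'
                 4 = 'TPM + PIN';          5 = 'TPM + startup key'
                 6 = 'TPM + PIN + startup key'
                 7 = 'Public key';         8 = 'Passphrase' }

Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume | ForEach-Object {
    $vol  = $_
    $conv = $vol.GetConversionStatus()
    $prot = $vol.GetProtectionStatus()

    # GetKeyProtectors(0) returns the IDs of every protector on the volume
    $ids   = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ })
    $types = @($ids | ForEach-Object {
        $protector[[int]$vol.GetKeyProtectorType($_).KeyProtectorType]
    })

    # Data is safe from offline reading only when every sector is encrypted
    # AND protection is on (suspended protection leaves a clear key on disk).
    $safe  = ($conv.ConversionStatus -eq 1) -and ($prot.ProtectionStatus -eq 1)
    $state = if ($prot.ProtectionStatus -eq 1) { 'On' } else { 'Off' }

    New-Object PSObject -Property @{
        Drive       = $vol.DriveLetter
        Conversion  = $conversion[[int]$conv.ConversionStatus]
        PercentDone = $conv.EncryptionPercentage
        Protection  = $state
        Protectors  = ($types -join ', ')
        AtRestSafe  = $safe
    }
} | Select-Object Drive, Conversion, PercentDone, Protection, Protectors, AtRestSafe |
    Format-Table -AutoSize
```

For disposal, run it before the key protectors are removed: a volume that never reached "Fully encrypted" still holds plaintext sectors and needs a conventional wipe.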
Absolutely yes, you should use BitLocker, especially if you are a mobile user whose sensitive data could be compromised or stolen. Also encourage your customers to start securing their data, whether you are a consultant, a system administrator, or the family tech support person.
In future articles I will talk about how to manage BitLocker in the enterprise using Group Policy and Active Directory.