Managing BitLocker in Windows 10
So you’ve heard – Windows 10 has taken the PC world by storm, with widespread adoption in the private and public sector catching up to the consumer side. According to Gartner, the adoption of Windows 10 is faster than that of previous OS releases, and the traditional refresh cycles are shortening. What’s driving the movement? Well, it’s a combination of events really, all based on one common need – Security.
Three Key Drivers for Windows 10 Adoption
First off, most businesses either were or are still using Windows 7, one of the most successful Windows OS releases to date. However, the end of extended support for Windows 7 by January 2020 was announced earlier this year, leaving just three years for IT teams to begin planning and implementing a shift to Windows 10. Considering the total time to evaluate and deploy Windows 10 is about 21 to 23 months, the time to start planning was yesterday.
Microsoft has also stepped up their security game in a major way, with a revamped Windows Defender offering malware protection out of the box and new boot- and OS-level protections including Device Guard and Credential Guard. They’ve also carried the major improvements previously made to BitLocker Drive Encryption in Windows 8 over to the new Windows 10, so BitLocker on Windows 10 is the latest and most powerful version.
Lastly, recent security incidents including WannaCry and Petya leveraged vulnerabilities in legacy systems – primarily Windows XP and Windows 7 – to attack devices with ransomware on a scale never seen before. For that reason, Microsoft and many IT security companies, including WinMagic, highly recommend upgrading to Windows 10 with the new security patching and upgrade-as-a-service model.
BitLocker for Windows 10 – A Solid Starting Point
Speaking with Gartner Analysts, we know that BitLocker Drive Encryption is being adopted on a scale never seen before with Windows 10. However, Aaron McIntosh (Product Marketing Manager) and I discovered that a key component of encryption seems to be missing – key management.
About two weeks ago, we hosted a webinar entitled Windows 10: How to Protect Your Data and Manage Compliance. Through polling questions we found that the majority of the audience was using BitLocker to protect data-at-rest on Windows systems, but most commonly (75%) without any management solution in place, such as MBAM or a third-party solution. More importantly, the same audience noted common issues with cost of ownership, performance, compatibility and complexity.
Businesses are evidently leveraging the OS-embedded encryption offered with BitLocker on Windows 10, but even so, they’re experiencing issues with applying an OS-specific security model to a diverse, multi-OS, multi-platform IT environment. For that reason, and others outlined in my previous blog post on BitLocker, I believe that BitLocker with Windows 10 is a solid starting point for protecting your data, but encryption is just the beginning.
BitLocker Windows 10 Compatibility Checklist
Many businesses have realized the need for centralized key management and auditing when it comes to native crypto solutions like BitLocker for Windows or FileVault 2 for Mac. But it’s not easy choosing from the variety of third-party solutions out there, so let’s focus on the issue of compatibility when it comes to ISV encryption and/or BitLocker management for your Windows 10 deployment:
- Ensure that your encryption solution supports both legacy BIOS and UEFI with Secure Boot, which was introduced with Windows 8. UEFI has been around for a while, but not all solutions support it, and some may require you to configure UEFI-enabled devices back to legacy-BIOS mode.
- Check if your encryption solution allows you to leverage new Windows 10 security features alongside encryption/key management, including Device Guard and Credential Guard. You’ll want a solution that works alongside new features, instead of interfering with them.
- Check if your solution provider is a Microsoft Gold Partner, which ensures that they complete a set of rigorous tests to prove their level of technology expertise and work alongside Microsoft to provide integrated, reliable data protection across your Windows 10 deployments.
- Choose an encryption and key management solution that is compatible with Windows, Mac and Linux across a variety of different platforms and hardware to deliver unified data protection.
WinMagic offers the most highly integrated solution for BitLocker Management in the market today, which we like to call SecureDoc on Top for BitLocker (or SDoT). You can learn more about SDoT and how it can help you reduce cost of ownership, improve performance, deliver more compatibility, and reduce complexity by checking out our latest Tech Brief on Managing BitLocker in the Enterprise.
Learn more about BitLocker, Windows 10 and more:
BitLocker: Compliant or Practical? – Mixed Messages from Microsoft