BitLocker

BitLocker Drive Encryption Overview

Every Windows operating system since Windows Vista has been able to use BitLocker Drive Encryption, a feature that aims to give computers a more comprehensive level of data and operating system protection. Though BitLocker Drive Encryption works best in combination with a Trusted Platform Module (TPM) microchip, the feature can still be used without one, which gives you some flexibility in how sensitive information is protected. By using state-of-the-art software- and device-layer encryption to protect the data stored on your drives and by monitoring your computer’s startup settings, BitLocker prevents hackers from exploiting vulnerabilities or accessing your encrypted information, even if the hard drive is physically moved from one computer to another. BitLocker Drive Encryption is a data protection feature available in Windows Server 2008 R2 and in some editions of Windows 7. Having BitLocker integrated with the operating system addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render data inaccessible when BitLocker-protected computers are decommissioned or recycled.
BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2. The TPM is a hardware component installed in many newer computers by the computer manufacturers. It works with BitLocker to help protect user data and to ensure that a computer has not been tampered with while the system was offline.
On computers that do not have a TPM version 1.2, you can still use BitLocker to encrypt the Windows operating system drive. However, this implementation will require the user to insert a USB startup key to start the computer or resume from hibernation, and it does not provide the pre-startup system integrity verification offered by BitLocker with a TPM.
In addition to the TPM, BitLocker offers the option to lock the normal startup process until the user supplies a personal identification number (PIN) or inserts a removable device, such as a USB flash drive, that contains a startup key. These additional security measures provide multifactor authentication and assurance that the computer will not start or resume from hibernation until the correct PIN or startup key is presented.
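The startup modes described above (TPM only, TPM with PIN or startup key, startup key without a TPM) can be told apart by listing the key protectors on the operating system drive. The script below is an added example, not part of the original page; it assumes an elevated PowerShell session and reads the protectors through the Win32_EncryptableVolume WMI class, and the wording of the findings is this example's own.

```powershell
# Added example: report which BitLocker startup mode protects the OS drive.
# Assumes an elevated PowerShell prompt on the machine being audited.
$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

# KeyProtectorType values of Win32_EncryptableVolume that matter at startup
$typeNames = @{
    1 = 'TPM'
    2 = 'External key (USB startup key)'
    3 = 'Numerical password (recovery)'
    4 = 'TPM and PIN'
    5 = 'TPM and startup key'
    6 = 'TPM, PIN and startup key'
}

Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume `
    -Filter "DriveLetter='$env:SystemDrive'" | ForEach-Object {
    $vol = $_

    # KeyProtectorType 0 returns the IDs of protectors of every type
    $ids = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID) | Where-Object { $_ }
    $types = @($ids | ForEach-Object {
        [int]$vol.GetKeyProtectorType($_).KeyProtectorType
    })

    $hasTpm = @($types | Where-Object { 1, 4, 5, 6 -contains $_ }).Count -gt 0
    $hasMfa = @($types | Where-Object { 4, 5, 6 -contains $_ }).Count -gt 0

    # 1 = protection on; 0 = off; 2 = unknown
    if ($vol.GetProtectionStatus().ProtectionStatus -ne 1) {
        $finding = 'Protection is off or its status is unknown'
    } elseif ($hasMfa) {
        $finding = 'TPM plus PIN and/or startup key (multifactor)'
    } elseif ($hasTpm) {
        $finding = 'TPM only: integrity check, no PIN or startup key'
    } elseif ($types -contains 2) {
        $finding = 'Startup key without TPM: no pre-startup integrity verification'
    } else {
        $finding = 'No startup protector found'
    }

    New-Object PSObject -Property @{
        Drive      = $vol.DriveLetter
        Protectors = ($types | ForEach-Object {
            if ($typeNames.ContainsKey($_)) { $typeNames[$_] } else { "Type $_" }
        }) -join '; '
        Finding    = $finding
    }
}
```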

Key Features

  • Comprehensive data protection
  • Enhanced Trusted Platform Module (TPM) functionality
  • Additional password-based security options
  • Operating system vulnerability protection
  • Startup-key compatibility

