Introduction to BitLocker for MSPs

It's no secret that data security is vitally important for every organization: by protecting customers’ data, MSPs safeguard both their clients’ businesses and their own reputations.
The protection of customer data today goes beyond using anti-malware and firewall software. It also goes beyond using a secure password on every device. If a physical device falls into the wrong hands, what is stopping someone from removing the data storage component and accessing any privileged data that it holds using a docking station or a data transfer cable?

For this reason, all devices that store private data require encryption. There are many options for encrypting data, but perhaps none is currently as popular as BitLocker.

    Why BitLocker?

    BitLocker is full-disk encryption software. Its first advantage is that it is included at no extra cost in the Professional and Enterprise editions of the Windows operating system.

    It's Widely Used and Easily Supported

    BitLocker's popularity among MSPs makes it much easier to support, thanks to the availability of user forums and records of known issues and fixes.

    It's Been Tried and Tested

    BitLocker has been tried and tested across the industry, so users get a straightforward and secure solution.

    Further reading Full Disk Encryption: BitLocker and Alternatives

    Preparing your Organization for BitLocker

    Implementing BitLocker to encrypt devices on your network involves overcoming several different challenges. Prepare your plan of attack in advance and communicate it to all your staff and end-users who will be affected.

    Create an SOP for your Encryption Policy

    Developing a standard operating procedure (SOP) will help to establish an understanding of the actions that need to be taken and the impact these will have. This SOP should include both industry-standard procedures and any specific procedures that relate to your company’s practices. Everyone involved in the process, including each end-user, should review the SOP before the rollout starts.

    Phase Out Outdated Operating Systems

    If possible, upgrade all your devices to the latest version of the operating system before rolling out the BitLocker implementation. While Windows 7 supports BitLocker, Microsoft has not supported this version since January 2020. Although Windows 7 remains a popular operating system, the loss of official support for bug fixes makes it an unacceptable security risk that businesses should eliminate.

    Confirm Solid Data Backups

    Encrypting drives brings the inherent risk that you may lose access to your data if the password is lost or the drive fails. Because of this, it's imperative to verify, before the BitLocker implementation, that every backup has completed successfully and that the data is recoverable.

    Determining Specific Requirements

    Encrypting devices throughout a network can be a significant project. The following steps will let you know what to expect during your specific implementation.

    Find Out Which Devices Need Encryption

    In many cases, businesses need every device on their network to be encrypted. In other cases, it may be better to identify a list of the devices where encryption is required and configure BitLocker only on those devices. Determine the total number of devices that need to be encrypted based on your specific situation.
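
One way to build that device list is to collect the operating system, TPM state and current BitLocker status of each volume on a device. This is an added example, not code from the original article; the function name and the output file name are assumptions, while the cmdlets are the standard Windows ones.

```powershell
#Requires -RunAsAdministrator
# Added example: per-device BitLocker readiness and status report.
# Get-EncryptionReadiness and bitlocker-todo.csv are illustrative names.
# Needs the BitLocker and TrustedPlatformModule modules that ship with
# Windows editions that include BitLocker.

function Get-EncryptionReadiness {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $tpm = Get-Tpm

    foreach ($vol in Get-BitLockerVolume) {
        # Names of the key protectors configured on this volume
        $types = @($vol.KeyProtector |
            ForEach-Object { $_.KeyProtectorType.ToString() })

        [pscustomobject]@{
            Computer            = $env:COMPUTERNAME
            OS                  = $os.Caption      # spot outdated systems
            OSVersion           = $os.Version
            TpmPresent          = $tpm.TpmPresent
            TpmReady            = $tpm.TpmReady
            MountPoint          = $vol.MountPoint
            VolumeType          = $vol.VolumeType
            VolumeStatus        = $vol.VolumeStatus
            ProtectionStatus    = $vol.ProtectionStatus
            EncryptedPercent    = $vol.EncryptionPercentage
            KeyProtectors       = $types -join ','
            # Without a recovery password, a lost passphrase means lost data
            HasRecoveryPassword = $types -contains 'RecoveryPassword'
        }
    }
}

$report = Get-EncryptionReadiness
$report | Format-Table Computer, MountPoint, VolumeStatus,
    ProtectionStatus, HasRecoveryPassword -AutoSize

# Volumes that still need work: not fully encrypted, protection
# switched off, or no recovery password protector configured.
$report | Where-Object {
    $_.VolumeStatus -ne 'FullyEncrypted' -or
    $_.ProtectionStatus -ne 'On' -or
    -not $_.HasRecoveryPassword
} | Export-Csv -Path .\bitlocker-todo.csv -NoTypeInformation
```

Run it on each managed device through your RMM tool or PowerShell remoting and merge the CSV files to size the rollout.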

    Develop Passphrase Standards

    Each device will require an additional level of authentication in the form of a passphrase before it can be accessed. As passphrases are added to each device, it's essential to have a standard to ensure that all passphrases provide the appropriate level of security. It's up to the MSP and the client to determine between them the minimum standards to implement. Remember that a simple passphrase will be simple to bypass, defeating the whole point of making an effort to implement BitLocker in the first place.

    Further reading Password Management Best Practices for MSPs

    Budget, Time, and Cost

    Managed service providers need to work out how to budget the time and resources necessary to complete the implementation, and client businesses need to understand the financial investment that they are willing to make.

    Deployment

    Proper preparation is vitally important - but it all goes to waste if the deployment fails. The swift and successful execution of your deployment plan is the entire point of this process. Here are a few suggestions to help make this happen.

    Coordinate a Rolling Deployment

    To ensure that the rollout has a minimal effect on business productivity, coordinate a rolling deployment. Implementing BitLocker on a device will make that device unavailable while the initial encryption is in progress. For devices with large storage capacity, this may take some time. These constraints may mean that, rather than taking an entire department down at once, you pick just one or two devices from that department at a time for deployment. If this is not possible, or if it will still negatively affect productivity, you may need to schedule the implementation for off-hours.

    Educate End Users on Appropriate Use

    End-users need to understand the importance of this new encryption process and how to use it appropriately. Most importantly, users must not share their encryption keys with anyone else, no matter what the situation may be. If a user believes that their key has fallen into the wrong hands, they must notify the managed service provider immediately.

    Further reading End-User Training Guide for MSPs

    Additional Considerations

    There are a few other factors to consider, including mobile devices and recovery processes.

    Mobile Devices

    Mobile devices running iOS or Android may require additional considerations. Both operating systems have native options for data encryption. Managed service providers should assist the businesses by supporting encryption for these devices, too.

    Recovery Processes

    If a device fails, BitLocker can make recovery just a little bit harder to achieve. You can recover failed devices from their data backup but, if that data needs to be pulled directly from an encrypted drive, the managed service provider will need to be prepared to take the necessary actions to achieve this.

    Conclusion

    BitLocker is an excellent tool for taking the next step in protecting user data, but its implementation needs careful planning and decisive execution. Doing it the right way will keep business productivity as high as possible throughout the deployment process, leaving the customer with a smile on their face after the rollout is complete.
