Table of Contents<\/p>\n\t\t\t\t
- <\/ul>\n\t\t\t\t<\/div>\n
Why BitLocker?<\/h2>\n
BitLocker is full-disk encryption software. It all begins with the fact that it comes for free in the professional and enterprise versions of the Windows operating system.<\/p>\n
It's Widely Used and Easily Supported<\/h3>\n
The popularity among MSPs makes it much easier to support, thanks to the availability of user forums and records of known issues and fixes.<\/p>\n
It's Been Tried and Tested<\/h3>\n
BitLocker has been tried and tested, so users get a straightforward and secure solution thanks to the popularity of this solution across the industry.<\/p>\n
Further reading<\/span> Full Disk Encryption: BitLocker and Alternatives<\/a><\/p>\n Implementing BitLocker to encrypt devices on your network involves overcoming several different challenges. Prepare your plan of attack in advance and communicate it to all your staff and end-users who will be affected.<\/p>\n Developing a standard operating procedure (SOP)<\/a> will help to establish an understanding of the actions that need to be taken and the impact these will have. This SOP should include both the industry standards procedures and any specific procedures that relate to your company\u2019s practices. This SOP requires review by everyone involved in the process, including each end-user, before starting the rollout.<\/p>\n If possible, upgrade all your devices to the latest standard of the operating system before rolling out the BitLocker implementation. While Windows 7 supports BitLocker, as of January 2020, Microsoft no longer supports this version. Although Windows 7 remains a popular operating system, the loss of official support for bug-fixes makes it an unacceptable security risk that businesses should eliminate.<\/p>\n Encrypting drives brings the inherent risk that you may lose access to your data if the password is lost or the drive fails. Because of this, it's imperative to verify that every backup has completed successfully, and data is recoverable before the BitLocker implementation.<\/p>\n Encrypting devices throughout a network can be a significant project. The following steps will let you know what to expect during your specific implementation.<\/p>\n In many cases, businesses need every device on their network to be encrypted. There may be cases where it may be better to identify a list of the devices where encryption is required and only configure BitLocker on these specified devices. Determine the total number of devices that need to be encrypted depending on your specific situation.<\/p>\n Each device will require an additional level of authentication in the form of a passphrase before it can be accessed. As each device has its passphrases added, it's essential to have a standard to ensure that all passphrases provide the appropriate level of security. It's up to the MSP and the client to, between them, determine the minimum standards to implement. Remember that a simple passphrase will be simple to bypass, defeating the whole point of making an effort to implement BitLocker in the first place.<\/p>\nPreparing your Organization for BitLocker<\/h2>\n
Create an SOP for your Encryption Policy<\/h3>\n
Phase Out of Outdated Operating Systems<\/h3>\n
Confirm Solid Data Backups<\/h3>\n
![\"CTA\"](\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/64dcb3ac-a304-4fdc-a704-c1242185e7c4.png\")
<\/a><\/span><\/span>\n<\/div>\n![\"WP](\"https:\/\/www.msp360.com\/resources\/wp-content\/uploads\/2018\/02\/Full-System-Backup-WP-icon.png\"){kind=icon}
<\/div>\n<\/div>\nDetermining Specific Requirements<\/h2>\n
Find Out Which Devices Need Encryption<\/h3>\n
Develop Passphrase Standards<\/h3>\n
![\"CTA\"](\"https:\/\/no-cache.hubspot.com\/cta\/default\/5442029\/09b0265a-a5a1-41bd-9699-418982b48e90.png\")
<\/a><\/span><\/span><\/div>\n