Data Encryption

BitLocker Functions

Essentially, BitLocker is a built-in feature in several Windows operating systems that helps encrypt drives. The minimum requirement for enabling BitLocker on a computer is to have at least two partitions and a TPM (Trusted Platform Module). The other partition is the one that will be encrypted by BitLocker. The TPM is a chip located on the motherboard, though not every motherboard is equipped with one. The TPM requirement can be configured through a GPO.

When enabling BitLocker, the wizard asks for a password or a smart card for unlocking the drive. After that, a recovery key is generated, which can be stored in different ways. This recovery key is a safety measure in case the administrator forgets the password. The recovery key should be stored safely, preferably on a USB drive.

Once a padlock is displayed on the drive, BitLocker has been enabled on it. Users who have access to the computer will not be able to access the drive unless they have the password or recovery key.

BitLocker Protection

In terms of protection, BitLocker provides encryption for drives on which the administrator wants more security, so any unauthorized access to the drive is denied. BitLocker is a perfect fit for removable disks such as a USB drive or an external hard drive. Every time the removable disk is plugged into a PC, it asks for a password to access the data inside.

However, BitLocker is normally used with a TPM, where it protects against offline attacks such as a stolen PC or drive. When a drive gets stolen, it cannot be accessed through another computer because the encryption key is included in the TPM. When a PC gets stolen, it still needs additional security, whether a USB key or a password, to access the drive.

There are some concerns regarding the protection BitLocker offers because it is a closed-source program. Though it has been said that it has no backdoors, that is still not a guarantee for some people who want fully secure encryption. However, if it is only used to secure a PC and protect your data from unauthorized access, BitLocker is still a good program to use.

Recovery Keys

As stated before, there are several ways of storing the recovery keys, and storing them as a text file on the same computer would not be effective at all. A traditional but secure way of storing the recovery key is to make a printout of the keys and keep it in a safe place. An alternative is using a USB drive, which should be physically stored securely. Another option is to store the recovery keys in a Microsoft account, where they can be retrieved by accessing the account.
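
The following is an added example, not part of the original post: a PowerShell audit that lists each volume's BitLocker status and key protectors, then looks for recovery key text files left on the computer's own fixed drives. The file name pattern is an assumption based on the wizard's default save name, and the commands need an elevated PowerShell prompt on a Windows edition that includes the BitLocker module.

```powershell
# Added example: audit BitLocker protection and recovery key storage.
# Run from an elevated PowerShell prompt.

# Assumption: default file name the wizard uses when saving a recovery key to a file.
$keyFilePattern = 'BitLocker Recovery Key*.txt'

$report = foreach ($vol in Get-BitLockerVolume) {
    # Key protector types on this volume, e.g. Tpm, TpmPin, Password, RecoveryPassword
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeType       = "$($vol.VolumeType)"
        Protection       = "$($vol.ProtectionStatus)"   # On, Off or Unknown
        EncryptedPercent = $vol.EncryptionPercentage
        Protectors       = $types -join ', '
        UsesTpm          = [bool]($types -like 'Tpm*')
        HasRecoveryKey   = $types -contains 'RecoveryPassword'
    }
}
$report | Format-Table -AutoSize

# Flag volumes that are not protected, or that have no recovery key to fall back on.
foreach ($row in $report) {
    if ($row.Protection -ne 'On') {
        Write-Warning "$($row.MountPoint) BitLocker protection is $($row.Protection)"
    }
    elseif (-not $row.HasRecoveryKey) {
        Write-Warning "$($row.MountPoint) is protected but has no recovery key protector"
    }
}

# Look for recovery keys saved as text files on local fixed drives (DriveType 3).
# A full recursive search can take several minutes on large disks.
$fixedDrives = Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=3'
foreach ($drive in $fixedDrives) {
    Get-ChildItem -Path "$($drive.DeviceID)\" -Filter $keyFilePattern `
                  -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            Write-Warning "Recovery key file stored locally: $($_.FullName)"
        }
}
```

Any file the last loop reports should be moved to a printout, a securely stored USB drive, or the Microsoft account, and then deleted from the local disk.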
