What Is BitLocker And Why Is It Useful?


In this article, we’ll take a look at how you can use BitLocker to protect your devices and drives from unauthorised access, even if they get lost or stolen.

You’re probably rather tired of hearing about the importance of security by now, whether it be at work or at home. People never stop telling us that no security measure is too much and that hackers and attackers are everywhere, waiting to pounce.

But today, we’re going to look at one security measure in particular and explain how you can use it to protect your data.

Let’s imagine that you’ve got a really expensive, latest-edition, top-of-the-range Surface Laptop Studio with all the extras; it costs almost €5,000, which to me seems rather ridiculous, no matter how good a device it is.

Now let’s suppose that you go to visit a customer to talk to them about a project. All the project information, the plans, designs, specifications, appendices and customer data, are on your laptop.

And actually, your laptop probably contains data about other customers too. You know, you’ve got an Excel spreadsheet or a database that contains the names and numbers of all your customers, including any quotes, orders, etc.

Now let’s imagine that you stop at a petrol station to fill up your tank. You go inside to pay, and during that brief lapse of concentration, someone steals your laptop right out of the car because you’ve made a very, very common mistake: you left it on the passenger seat.

This situation is actually not all that unusual. It happens a lot more than you’d think. But here, the problem is not just the fact that they’ve stolen your laptop; they’ve stolen your laptop, and now, they can get to your sensitive data.

In a situation like this, you could find yourself the victim of a data leak, or if your customer data is released, you could be slapped with a fine for breaching the GDPR and lose your customers’ trust entirely. It could even be a “targeted theft” by the competition.

So, what small security measure could we have taken to ensure that this situation remains an inconvenient theft and not a huge security breach?

Well, it’s as simple as activating BitLocker, a data protection solution offered by Microsoft for both business and home users.

 

But… What Is BitLocker?

BitLocker is a data protection feature included in Microsoft operating systems that allows you to encrypt your hard drive and thus prevent data theft.

Essentially, BitLocker prevents unauthorised users from accessing your data, even if the hard drive is removed and put in another device.

BitLocker first appeared as part of a Windows Vista update on 30 June 2007, and it can work on various different types of devices. However, it works best on devices that have TPM (Trusted Platform Module) 1.2 or later.

NOTE: The TPM (Trusted Platform Module) is a small chip embedded in the motherboard of modern devices that allows you to store encryption keys for the operating system and thereby protect your most sensitive data.

However, if your device doesn’t have TPM 1.2 or later, you can still use BitLocker; you will just have to use USB sticks to store your recovery keys should you ever need them.

One of the main advantages of using BitLocker, aside from protecting your hard drive even if it is removed from your computer, is that it allows you to stop the system from booting up. With BitLocker enabled, the system will wait for the access key to unlock the disk before starting up.

 

What do you need to run BitLocker?

First, as we’ve mentioned, for optimal performance, your device will need to have TPM 1.2 or later. If you don’t, you’ll need some USB sticks.

If you do have TPM, you’ll also need to make sure that your UEFI or BIOS is TCG-compatible (Trusted Computing Group), as the UEFI or BIOS will establish a chain of trust for the pre-operating system startup. In either case, you’ll also need to be able to read and write to USB in the pre-operating system environment.

The hard drive that you’re working on should have at least two partitions: an initial NTFS-formatted one that contains the operating system and another of approximately 250-500MB that contains the boot data. These partitions are created automatically when Windows is installed.

The operating systems that support BitLocker are as follows:

  • Professional, Ultimate and Enterprise versions of Windows 7, Windows Vista, Windows 10 and Windows 11.
  • Windows Server 2008 and later.
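
A quick way to check these requirements on an existing machine, as an added example that is not part of the original article: the PowerShell below reads the TPM state and specification version, the firmware type, the Windows edition and the disk layout. It assumes an elevated PowerShell 5.1 session on Windows 10 or 11.

```powershell
# Added example: pre-flight check for the BitLocker requirements listed above.
# Assumption: run from an elevated PowerShell session on Windows 10/11.

# 1. TPM presence and specification version (the article asks for 1.2 or later).
$tpm  = Get-Tpm
$spec = $null
if ($tpm.TpmPresent) {
    $win32Tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm
    # SpecVersion looks like "2.0, 0, 1.38"; the first field is the TPM spec version.
    $spec = ($win32Tpm.SpecVersion -split ',')[0].Trim()
}

# 2. Firmware type (UEFI or legacy BIOS).
$firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

# 3. Disk layout: NTFS operating system volume plus a separate boot/system partition.
$osLetter = $env:SystemDrive.TrimEnd(':')
$osVolume = Get-Volume -DriveLetter $osLetter
$osPart   = Get-Partition -DriveLetter $osLetter
$sysPart  = Get-Partition -DiskNumber $osPart.DiskNumber |
    Where-Object { $_.IsSystem -or $_.IsActive } |
    Select-Object -First 1

# 4. Summary object: review each field against the requirements in this section.
[pscustomobject]@{
    TpmPresent        = $tpm.TpmPresent
    TpmReady          = $tpm.TpmReady
    TpmSpecVersion    = $spec
    Firmware          = $firmware
    OsEdition         = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
    OsFileSystem      = $osVolume.FileSystem
    SystemPartitionMB = if ($sysPart) { [math]::Round($sysPart.Size / 1MB) } else { $null }
}
```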

 

How can I enable BitLocker on my device?

As tends to be the case with Windows systems, the answer is, “It depends”.

Firstly, for devices that belong to an AD DS domain, you can enable it using group policies, something that we’ll address in a future tutorial.

Then, the process will be different for modern devices and older versions of Windows, such as Windows 7.

For example, with Windows 7, we’ll need to prepare the TPM, which can be quite complicated. You’ll need to first access the BIOS or UEFI to activate the TPM, and you may need to install an additional controller for the operating system. You may also need to restart the computer several times for the changes to take effect.

Once you’ve done all this, the process is just as simple as the process for modern versions of Windows.

When working with Windows 10 or 11, or even 8 or 8.1, everything will already be prepared for you. All you need to do is select the drive that you want to protect.

 

Enabling BitLocker on a USB drive on Windows 10

In this example, we’re going to look at how to enable BitLocker on a USB drive on Windows 10.

First, open Windows Explorer, right-click on the drive you’re interested in and select “Turn on BitLocker”.

Image - Select the drive on which you want to enable BitLocker

 

Next, you’ll see a window asking how you want to unlock the drive once encrypted.

Here, you have two options:

  • Use a password to unlock the drive: If you select this option, you will need to enter the password twice.
  • Use my smart card to unlock the drive: In this case, you’ll need to have a smart card, a compatible reader and a PIN.

For this example, we’ll choose the password option.

Image - Select the password method to unlock the drive

Next, you need to choose how you want to back up your recovery key for the BitLocker drive.

This is the key you will use if you forget your access password.

You have two options:

  • Save to a file: This can NOT be saved on another encrypted drive.
  • Print the recovery key: Can be printed to PDF.
Image - Select how you want to back up your BitLocker recovery key

Below, you’ll see an example of a recovery key printout, where you can see both the identifier and the recovery key to use if you forget your password.

Image - Example of a recovery key printout for a BitLocker-encrypted

Next, choose how much of your drive to encrypt.

You have two options:

  • Encrypt used disk space only (faster and best for new PCs and drives).
  • Encrypt entire drive (Slower but best for PCs and drives already in use).
Image - Select how much of your drive to encrypt

Next, you need to choose which encryption mode to use.

  • New encryption mode (best for fixed drives in this device).
  • Compatible mode (best for drives that can be moved from this device).

Here, we’ll choose the second option, as we’re using a portable drive, particularly if we might need to mount it on an older operating system.

Image - Select the encryption mode

Finally, you just have to click on “Start encrypting” and get yourself a coffee while the process finishes. This will take quite a while, particularly for large drives.

Image - Click on "Start encrypting"

Once encryption has started, a padlock symbol will appear next to the drive, and you will see a window with a progress bar.

Image - The encryption process has started

Now you simply have to wait for the encryption to finish.
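
The same wizard steps can be scripted. The following PowerShell is an added example, not part of the original article; the drive letter E: and the backup folder C:\Secure are assumptions to adapt, and it must run in an elevated session.

```powershell
# Added example: scripted equivalent of the wizard steps (not the article's code).
# Assumed values: USB drive mounted as E:, key backup folder C:\Secure.
$mount     = 'E:'
$backupDir = 'C:\Secure'

# The recovery key must not be stored on the drive it unlocks.
if ((Split-Path $backupDir -Qualifier) -eq $mount) {
    throw 'Store the recovery key on a different drive.'
}

# Only proceed on a volume that is not already encrypted or mid-conversion.
$vol = Get-BitLockerVolume -MountPoint $mount
if ($vol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$mount is in state '$($vol.VolumeStatus)'; aborting."
}

# "Use a password to unlock the drive": prompt for it, never hard-code it.
$password = Read-Host -AsSecureString -Prompt "BitLocker password for $mount"

# "Encrypt used disk space only" -> -UsedSpaceOnly
# "Compatible mode"              -> Aes128 (AES-CBC); "New encryption mode" is XtsAes128.
Enable-BitLocker -MountPoint $mount -PasswordProtector -Password $password `
    -EncryptionMethod Aes128 -UsedSpaceOnly | Out-Null

# "Back up your recovery key": add a recovery password and save it with its identifier.
Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
$rp = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -Last 1
$file = Join-Path $backupDir ("BitLocker-{0}.txt" -f $rp.KeyProtectorId.Trim('{}'))
"Identifier:   $($rp.KeyProtectorId)", "Recovery key: $($rp.RecoveryPassword)" |
    Set-Content -Path $file

# Wait for the conversion to finish, then show the final state.
do {
    Start-Sleep -Seconds 10
    $vol = Get-BitLockerVolume -MountPoint $mount
    Write-Progress -Activity "Encrypting $mount" -PercentComplete $vol.EncryptionPercentage
} while ($vol.VolumeStatus -eq 'EncryptionInProgress')
$vol | Format-List MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod
```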

 

Summary

As you can see, BitLocker is a simple system to implement on modern computers and allows you to protect your data. It’s especially useful for devices like tablets, laptops and computers using external hard drives or USB sticks.

In this article, we’ve talked a little about the advantages and shown you how you can activate it on Windows 10. If you’d like to learn more, check out our tutorial, How to Configure BitLocker on Windows.

We hope that this article has been useful for you!

Thanks for reading!
