Bitlocker 101: An Introduction
November 26th, 2007

As more users have migrated to mobile computing, using laptops instead of desktops to enable them to carry their work home or on the road, corporations and security administrators have had to struggle with the resulting security implications. Most enterprises have some form of VPN (Virtual Private Networking) to allow remote users to connect securely with network resources on the internal network, but that is only part of the battle.
In the past few years, story after story after story has hit the news regarding information security breaches resulting from laptops that are lost or stolen. The Home Depot, Boeing, and The Gap stories are just a handful of examples of lost or stolen laptops containing sensitive and personal information on hundreds of thousands of individuals. With the rise in the use of mobile computing, organizations need to implement security that protects the data on the device in case it is lost or stolen.
In some versions of Windows Vista, and in the upcoming Windows Server 2008, Microsoft has incorporated a new technology that can help protect data on laptops and provide some assurance that the data will not be compromised even if the laptop falls into the wrong hands. Bitlocker encrypts all user files and system files on the Operating System Volume of the hard drive. It also encrypts the swap and hibernate files to protect the data stored in them.
You must have at least two partitions on your computer to use Bitlocker. Pre-boot authentication and system integrity checks occur outside of the encrypted volume before access is allowed to the encrypted data. The unencrypted volume must be a minimum of 1.5 GB to ensure enough space for boot files, the Windows Pre-Execution Environment (WinPE), and other necessary files.
Bitlocker is designed to leverage the Trusted Platform Module (TPM) chip found on newer motherboards. The TPM provides improved security, including the ability for Bitlocker to verify the integrity of the system and ensure that the drive has not been removed and installed on a different computer. Bitlocker can be run on systems that do not have a TPM, but it will not be able to do the pre-boot integrity verification.
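The two prerequisites described above (a separate unencrypted system volume of at least 1.5 GB, and a TPM that is enabled and activated) can be audited from a PowerShell prompt before rolling Bitlocker out to a fleet. The script below is an added example, not code from the original article or from Microsoft; it assumes PowerShell 2.0 or later, an elevated prompt (the WMI security namespaces require administrator rights), and the Win32_Tpm and Win32_EncryptableVolume WMI classes that ship with the Bitlocker-capable editions of Windows. The status-code tables are the ones documented for that WMI provider; the volume-layout test relies on Win32_Volume flagging the boot-file partition with SystemVolume and the Windows partition with BootVolume.

```powershell
# Added example (not from the original post): audit a machine for the Bitlocker
# prerequisites the article lists and report each volume's protection state.
# Assumes PowerShell 2.0+ and an elevated prompt; Win32_Tpm and Win32_EncryptableVolume
# live in WMI security namespaces that need administrator rights.

$MinSystemVolumeBytes = 1.5 * 1GB   # the 1.5 GB minimum quoted in the article

function Get-TpmReadiness {
    # Win32_Tpm is absent on machines without a TPM, so a missing instance is meaningful.
    $tpm = Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                         -Class Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) {
        return New-Object PSObject -Property @{ Present = $false; Enabled = $false; Activated = $false; Owned = $false }
    }
    New-Object PSObject -Property @{
        Present   = $true
        Enabled   = [bool]$tpm.IsEnabled().IsEnabled       # turned on in the BIOS
        Activated = [bool]$tpm.IsActivated().IsActivated   # activated, i.e. usable by the OS
        Owned     = [bool]$tpm.IsOwned().IsOwned           # ownership has been taken
    }
}

function Test-SystemVolumeLayout {
    # Bitlocker needs the boot files on a separate, unencrypted volume. Win32_Volume marks
    # that volume SystemVolume=True and the Windows volume BootVolume=True; a single-partition
    # install carries both flags on one volume and therefore fails this check.
    $volumes = Get-WmiObject -Class Win32_Volume
    $system  = $volumes | Where-Object { $_.SystemVolume -and -not $_.BootVolume } | Select-Object -First 1
    if (-not $system) {
        return New-Object PSObject -Property @{ Ok = $false; Reason = 'No separate system volume (boot files share the OS volume)' }
    }
    if ($system.Capacity -lt $MinSystemVolumeBytes) {
        return New-Object PSObject -Property @{ Ok = $false; Reason = ('System volume is {0:N0} bytes, below the 1.5 GB minimum' -f $system.Capacity) }
    }
    New-Object PSObject -Property @{ Ok = $true; Reason = ('Separate system volume of {0:N1} GB present' -f ($system.Capacity / 1GB)) }
}

function Get-VolumeProtection {
    # Win32_EncryptableVolume exposes Bitlocker state per volume. Codes per the WMI provider:
    # ProtectionStatus 0=off 1=on 2=unknown; ConversionStatus 0=decrypted 1=encrypted
    # 2=encrypting 3=decrypting 4=encryption paused 5=decryption paused.
    $protStatus = @{ 0 = 'Unprotected'; 1 = 'Protected'; 2 = 'Unknown' }
    $convStatus = @{ 0 = 'FullyDecrypted'; 1 = 'FullyEncrypted'; 2 = 'EncryptionInProgress';
                     3 = 'DecryptionInProgress'; 4 = 'EncryptionPaused'; 5 = 'DecryptionPaused' }
    $protectorType = @{ 1 = 'TPM'; 2 = 'ExternalKey'; 3 = 'NumericalPassword'; 4 = 'TPM+PIN';
                        5 = 'TPM+StartupKey'; 6 = 'TPM+PIN+StartupKey'; 7 = 'PublicKey'; 8 = 'Passphrase' }

    Get-WmiObject -Namespace 'root\cimv2\Security\MicrosoftVolumeEncryption' `
                  -Class Win32_EncryptableVolume -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = $_.GetProtectionStatus().ProtectionStatus
        $c = $_.GetConversionStatus()
        # GetKeyProtectors(0) lists protectors of every type; map each ID to a readable name.
        # Values come back as UInt32, so cast to [int] before indexing the hashtables.
        $types = @()
        foreach ($id in @($_.GetKeyProtectors(0).VolumeKeyProtectorID)) {
            $t = [int]$_.GetKeyProtectorType($id).KeyProtectorType
            if ($protectorType.ContainsKey($t)) { $types += $protectorType[$t] } else { $types += "Type$t" }
        }
        New-Object PSObject -Property @{
            Drive         = $_.DriveLetter
            Protection    = $protStatus[[int]$p]
            Conversion    = $convStatus[[int]$c.ConversionStatus]
            PercentDone   = $c.EncryptionPercentage
            KeyProtectors = ($types -join ', ')
        }
    }
}

# --- Report ---
$tpm = Get-TpmReadiness
"TPM present: $($tpm.Present)  enabled: $($tpm.Enabled)  activated: $($tpm.Activated)  owned: $($tpm.Owned)"
if (-not ($tpm.Present -and $tpm.Enabled -and $tpm.Activated)) {
    'No usable TPM: Bitlocker can still be enabled with a startup key, but pre-boot integrity verification is unavailable.'
}
$layout = Test-SystemVolumeLayout
"Partition layout OK: $($layout.Ok) - $($layout.Reason)"
Get-VolumeProtection | Format-Table Drive, Protection, Conversion, PercentDone, KeyProtectors -AutoSize
```

A volume that reports Protected with a TPM-family key protector is the state the article describes: the drive is bound to this computer's TPM, so moving it to another machine leaves it encrypted. A volume showing FullyEncrypted but Unprotected (protectors suspended) is worth flagging in an inventory, because the data is reachable without authentication until protection is resumed.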
Using Bitlocker, confidential and sensitive information is protected even if a laptop is lost or stolen. Without the proper authentication, the data will remain encrypted and the thief will be unable to access any of the files. By implementing Bitlocker encryption on all laptops, organizations can ensure that they don’t end up being tomorrow’s headline news story for compromising customer or corporate data.