How Not To Lose Data With BitLocker

How Not To Lose Data With BitLocker
Page content

With BitLocker Drive Encryption, you can completely lockdown your data. When a computer is encrypted with BitLocker, the data on it can only be accessed by a person who knows either the log on password or the recovery password. Great! Your users can now lose as many laptops as they like without you having to worry about a malicious third party accessing their data! But there is also a downside to BitLocker: should a user lose his or her log-on password and recovery password, the data encrypted with BitLocker will become completely and permanently inaccessible. To all intents and purposes, it will be gone for good.

There are, however, some steps you can take that will help ensure that neither you nor your users end up suffering from the BitLocker Blues:

  • Backup recovery data to Active Directory Domain Services (AD DS). This is the best and easiest way to avoid possible data loss. See Configuring Active Directory to Back up Windows BitLocker Drive Encryption and Trusted Platform Module Recovery Information for more information. Should backing up to AD DS not be an option, consider doing one or more of the following.
    • Ensure that users understand the importance of their recovery passwords and require that they save it to more than one location. For example, you could require that recovery passwords be both saved to a USB drive and printed and that printed copies be held in secure storage within the office.
    • Require that users backup any important data to a location off the BitLocker encrypted volume.

Providing users with BitLocker is risky, but it’s certainly not as risky as allowing them to carry unencrypted data out of the office.

One final piece of advice: stress to users that they should never keep the medium on which their recovery password is stored with their computer; it’s akin to leaving the keys in the ignition of an unattended vehicle!

More BitLocker Articles

For more tips and hints on using BitLocker, be sure to read our articles Protecting Your Data with BitLocker Drive Encryption and How to Use BitLocker Drive Encryption Without a TPM Chip and BitLocker Recovery Password Viewer Helps You Not to Lose Data .