Interest in data protection has been growing as data breach incidents have escalated. Legislation in many jurisdictions now imposes tough penalties, and requires public disclosure, when personally identifiable information is mishandled.
That’s led many SMBs and enterprises to explore implementing full disk encryption. With the much-publicized launch of the Microsoft Windows 7 operating system (OS), many are examining the full disk encryption feature that comes standard on the Ultimate and Enterprise editions of the popular new OS. By providing full-volume encryption, BitLocker ensures that any file saved on a computer’s drive is encrypted automatically.
“As organizations begin their migration to Windows 7, many are considering BitLocker encryption to assist in addressing both regulatory compliance mandates and internal privacy requirements,” commented Eric Ouellet, Vice President, Secure Business Enablement, Gartner. “Leveraging the local machine TPM feature is critical to ensuring strong security in these deployments. When combined with third party key managers that offer enhanced capabilities with increased ease of use, organizations are provided with a path to simplify deployment, administration and compliance.”
The adoption curve for Windows 7 is just beginning. Organizations can benefit from the strong cost and security advantages of turning on BitLocker with Wave’s central management application for configuring and implementing policy controls.
“We believe that encryption of all information on notebooks should be considered mandatory,” commented Steven Sprague, Wave’s President and CEO. “We continue to advocate that self-encrypting hard drives offer the best value. But buying SEDs for every PC may not be feasible in the short term, so a hybrid approach to encryption is needed. We believe that BitLocker is an excellent choice, and superior to after-market software-based encryption. It brings the added benefit of security from a layer of hardware protection, provided by turning on the TPM security chip standard in all business-class Windows 7 PCs.”
Activate, Deploy and Manage BitLocker
With a simple, easy-to-use console, Wave BitLocker Manager is designed to give time- and resource-strapped IT departments a powerful tool to remotely discover and activate BitLocker client machines, as well as:
Assign users and associated policies within the Microsoft Active Directory framework—thereby simplifying deployment
Delegate role-based administration
Secure recovery passwords and record their usage
Report on the state of BitLocker settings and maintain an active log of changes
Monitor all BitLocker events for activation, policy management and user access/recovery
Strengthening Encryption with TPM Hardware Security Chip
BitLocker offers great protection when used in conjunction with the Trusted Platform Module, a closed cryptographic security chip that stores keys and credentials (and is a standard component on business-class PCs shipping with Windows 7). The TPM works with BitLocker to protect data, and ensures that a PC has not been tampered with. Among the benefits the TPM adds to BitLocker:
Keys are protected from being compromised—a problem for traditional aftermarket software FDE encryption applications
Transparency to the user experience—once the user powers up and logs into Windows, the key used for encryption remains sealed by the TPM
The integrity of the machine is determined by performing measurements to determine the “core root of trust” using the TPM
The drive can only be decrypted on a specific platform, as the TPM enables binding between the platform and the PC.
About Wave Systems Corp.
Wave provides software to help solve critical enterprise PC security challenges such as strong authentication, data protection, network access control and the management of these enterprise functions. Wave is a pioneer in hardware-based PC security and a founding member of the Trusted Computing Group (TCG), a consortium of more than 100 companies that forged open standards for hardware security. Wave’s EMBASSY® line of client- and server-side software leverages and manages the security functions of the TCG’s industry standard hardware security chip, the Trusted Platform Module (TPM) and supports the TCG’s “Opal” self-encrypting drive standard. Self-encrypting drives are a growing segment of the data protection market, offering increased security and better performance than many existing software-based encryption solutions. TPMs are included on an estimated 300 million PCs and are standard equipment on many enterprise-class PCs shipping today. Using TPMs and Wave software, enterprises can substantially and cost-effectively strengthen their current security solutions. For more information about Wave and its solutions, visit http://www.wave.com.