Re: Using Bitlocker

[randy <marchany () VT EDU>]

Here are a couple of things to remember about using any Full Disk
Encryption (FDE) solution.

1. FDE should be PART of the the overall encryption scheme and not the ONLY
encryption scheme.
2. FDE is effective only when the machine is powered off.
3. Malware running with user privs will be able to open any file the user
can access in an FDE environment.
4. Additional file level encryption tools (Microsoft Office Encryption, PDF
file encryption, PDF portfolio, PGP, etc.) must be implemented to protect
sensitive data files when the system is powered up.

I have to remind our users that FDE is a component of the sensitive data
protection plan. It's not the SOLE protection tool.

-Randy Marchany
VA Tech IT Security Office & Lab

On Mon, Mar 30, 2015 at 10:57 AM, Garmon, Joel <garmonjs () wfu edu> wrote:

> We are using Bitlocker at our university and also for our hospital chain
> of 4 hospitals and 400 clinics.  No unusual issues.  We have had to have a
> few key recoveries and it works.  We use MBAM to manage it and that also
> works ok.
>
>
> Thank you,
>
> Joel Garmon
> Director Information Security
> Wake Forest University
> 336-758-2972
>
> On Mon, Mar 30, 2015 at 10:19 AM, KILDARE,Duane V <
> duane.kildare () uwimona edu jm> wrote:
>
> > I am thinking of using Bitlocker on systems for persons who handle
> > sensitive information.  I am just enquiring, if anyone has used Bitlocker
> > in any implementation, and any issues you had  or concerns?
> >
> >
> >
> > *Duane Kildare*
> >
> > *Information Technology Officer*
> >
> > *Office of the University CIO*
> >
> > *The University of the West Indies *
> >
> > *Regional Headquarters*
> >
> > *Hermitage Road*
> >
> > *Kingston 7*
> >
> > *Jamaica W.I*
> >
> >
> >
> > *Internal Extension:  8903*
> >
> > *(876) 702-2433 <%28876%29%20702-2433>/3641 (Office)*