Microsoft's BitLocker Drive Encryption is a widely accepted data security measure adopted by many organisations operating in Windows environments. BitLocker addresses the threats of data theft, however it does have its limitations for businesses running multiple devices across various operating systems - which is common in the modern day.

With Managed Encryption BitLocker Enhancement, organisations can improve their existing BitLocker deployment with a centrally managed solution along with a number of value added features.

Does Microsoft BitLocker alone offer good enough protection?

The short answer is ‘no’. BitLocker is a great solution; delivering fast, integrated encryption protection for Windows environments. But as we mentioned earlier, BitLocker only covers Windows devices and also requires tools to enforce and prove compliance in the case of device loss or theft. Plus, it’s costly to manage and uses complex PINS which get in the way of user productivity and workflows.

Your enterprise doesn’t operate on only one platform or restrict data access to corporately owned devices. So relying solely on the native encryption protection offered by BitLocker will leave you with significant security and compliance gaps.

BitLocker Pros	BitLocker Cons
Native: Because it’s built-in OS encryption, it delivers better performance and compatibility than most third-party solutions Complementary: Some basic management tools are already included in MDOP for Windows Software Assurance/Volume Licensing customers Integrated: BitLocker is supported in Microsoft Azure with Azure Disk Encryption	Costly: Needs a lot of IT Helpdesk and management support; cannot manage macOS or Linux devices Compliance gaps: BitLocker – with or without MBAM – can easily be disabled or ‘suspended’ by certain users and applications, so you can’t use it on its own to demonstrate devices are in a compliant state after deployment Management complexity: Managing it requires a minimum of two servers and relies on open and insecure Group Policy Objects to manage data protection policies User experience: BitLocker without PIN authentication offers the lowest level of data protection, but with a PIN it’s disruptive to users

BitLocker Pros

BitLocker Cons

Native: Because it’s built-in OS encryption, it delivers better performance and compatibility than most third-party solutions
Complementary: Some basic management tools are already included in MDOP for Windows Software Assurance/Volume Licensing customers
Integrated: BitLocker is supported in Microsoft Azure with Azure Disk Encryption

Costly: Needs a lot of IT Helpdesk and management support; cannot manage macOS or Linux devices
Compliance gaps: BitLocker – with or without MBAM – can easily be disabled or ‘suspended’ by certain users and applications, so you can’t use it on its own to demonstrate devices are in a compliant state after deployment
Management complexity: Managing it requires a minimum of two servers and relies on open and insecure Group Policy Objects to manage data protection policies
User experience: BitLocker without PIN authentication offers the lowest level of data protection, but with a PIN it’s disruptive to users

Close compliance gaps, once and for all.

One of the main reasons why businesses deploy encryption is compliance – it’s true! It’s the number one driver for new installations and with GDPR now live, it continues to be a top IT concern. Because BitLocker doesn’t come with centralised management, visibility and control, you can’t use it to prove encryption protection, in the way regulators require. Furthermore, any user with privileged administration rights can tamper with encryption settings and disable BitLocker.

SecureDoc Encryption layered on top of BitLocker can prevent tampering by blocking users from accidentally or maliciously disabling BitLocker protection and also enable detailed, real-time reporting such as historical data and user login activity.

How to make BitLocker Simple, Smart and Secure with SecureDoc?