Best whole disk encryption for Windows
Overall Satisfaction with BitLocker Drive Encryption
We use it across our whole organization to encrypt all internal drives on our employees' computers. The main problem it addresses is stolen or forgotten computers. With BitLocker we don't have to worry about credentials or confidential information getting stolen when a computer is stolen or forgotten somewhere. It also saves us some work as we don't have to reset all the credentials and access of the user when this occurs. In addition, it gives our users peace of mind if they have to leave their computer in a car or in a hotel room for a day. And finally, with whole drive encryption, you don't have to count on your users to put the sensitive information in the encrypted container.
Pros
- Practically no impact on read performance and low impact on write performance compared to others.
- Integrated into Windows/no additional cost
- Easy deployment
- Whole drive encryption
- Uses hardware chip to offer better security
Cons
- Even if it's the best we tested, I think write performance could be improved. Maybe with dedicated hardware inside the TPM?
- No integration with OS password is a shame, as most others have it and it is Microsoft on Microsoft, so they can probably do it better than anyone else and safer.
- I wish they would support multiple passwords like FileVault on macOS. If it's a shared computer, you have to give the only password to BitLocker to both users.
- It allowed us to move to whole drive encryption without much effort
- Integrated in Windows Enterprise, so free
- With the right recovery key, it is really easy for IT to recover the data, backup or reset the user's password.
- McAfee drive encryption and Symantec Drive Encryption
Most other whole drive encryption tools are really not that easy to manage and come with big performance when compared to BitLocker. Also, a lot of them don't use TPM, which in my opinion gives you better protection.
As for TrueCrypt, which was what we were using before, it is not whole drive encryption, and because of that you have to count on your users to manage sensitive data correctly, and you are bound to have at least one user put sensitive data on a non-encrypted partition.
Self-encrypting disks are expensive and hard to manage but will give you practically no performance [issues]. If performance is what you need at any cost this is probably the solution.