BitLocker gets mentioned more and more lately. I understood the concept but didn’t know the details. While looking for something else, I came across a great video about BitLocker technology from Microsoft. Also, Wikipedia has a BitLocker page.
I didn’t know that BitLocker could use TPM. I also didn’t know that Microsoft had invested so much work into making the drive secure. It is a very well thought out story.
The video is highly recommended to developers since it explains the use of TPM clearly. It does not go too deep but just enough to convey the basic workings with BitLocker.
It would make sense for businesses with laptops/notebooks/tablets to embrace this technology. It is an easy way to protect the disks in portable machines. The default case calls for TPM but also provides a seamless experience. The user would not need a PIN or USB key to supply the key to unlock the drive. The boot process would be transparent yet still protect against someone else getting access to the information.
The Wikipedia article mentions some weaknesses. Overall these weaknesses are not a serious threat. The biggest problem with Vista with BitLocker was the inability to encrypt non-boot drives. This was recently solved by SP1 and the release of Windows Server 2008.
Only the highest end of licensing includes BitLocker. It is a fairly good incentive to get it unless you are looking for a non-Microsoft solution that would perhaps not be as integrated.
Russell Humphries is the presenter in the Microsoft BitLocker video. After the recent February 2008 memory key reconstruction effort, he replied in the Windows Vista Security Blog.
Russell makes a great point during the presentation that security and usability are always a balance. I would argue that they are actually at opposite sides of the scale. Lately the push has been for more security, which tends to reduce usability. The BitLocker team tried their best to reach a usable range.