Can Microsoft's Bitlocker Save Us from Ourselves?By John G. Spooner | Posted 2006-05-30 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
The software giant, in an effort to help stem data losses and thefts that put PC users at risk, will offer a hard drive encryption tool with its Windows Vista operating system.
Microsoft is making it much more difficult to access and steal a business's vital data from one of its PCs.
The giant software maker will deliver Bitlocker, a hard drive encryption tool, as part of its forthcoming Windows Vista operating system, which is now in its second beta and is due to large businesses in November. Bitlocker, which will come with Windows Vista Enterprise and Ultimate editions, can be used to encrypt an entire hard drive, making it more difficult for someone to access the computer's data if it is lost or stolen.
Microsoft believes that Bitlocker will help companies guard against accidental losswhere a PC, as well as a server in many cases, is lost or possibly disposed of without its drive being wipedinappropriate access by company employees and even theft from individuals interested in a PC for its data. Despite the fact that hard drive encryption tools already exist, the act of including Bitlocker with Windows Vistaand integrating the tool with its Active Directory for things like automatically storing backup encryption keyscould get more businesses thinking about encrypting their PC hard drives, due to security concerns, industry watchers said.
Indeed, "One of my most favorite [new features] now in Windows Vista is Bitlocker Drive Encryption. Why is that? It's going to secure the information on a hard disk, whether it's in a laptop or a desktop PC, and if [a PC] is stolen nobody can get the data off of it," said Will Poole, senior vice president of Microsoft's Market Expansion Group, during a WinHEC keynote address on May 23 in Seattle. "I personally burned the better part of a perfectly nice Saturday just a few weeks ago, after being informed by a financial services company in New York that a PC had been stolen from their office that had my name, account information and Social Security number on it."
The availability of Bitlocker would have had made it harder for someone to access the data resident on the stolen machine, Poole said.
Although Bitlocker has not yet been tested widely given that Vista is still in beta, security industry watchers agreed that, at a minimum, the wider availability of hard drive encryption tools is a good step for companies looking to beef up their data security.
But security expert Bruce Schneier, chief technology officer at Mountain View, Calif.-based Counterpane Internet Security, warned that Bitlocker is not a panacea, but just one of several steps needed to keep data secure.
"In security, the devil is in the details," Schneier said. Still, "at the level I've read, [Bitlocker] seems well-designed."
Just like with any other software product, flaws are likely to crop up from time to time and require fixing, he said.
Bitlocker, Microsoft officials said, is capable of working either with or without a TPM (Trusted Platform Module) security chip. But they said they consider the encryption tool to be at its best when it can take advantage of the combination of a TPM 1.2-specification chip and a secure BIOS.
Read the full story on eWEEK.com: Can Microsoft's Bitlocker Save Us from Ourselves?