Network Computing is part of the Informa Tech Division of Informa PLC


Analysis: Enterprise Key Management: Page 14 of 16

One priority for Microsoft when developing BitLocker was to minimize its impact on both the hardware and the user. Thus, when run in its default mode, BitLocker allows the drive to remain encrypted and secure against the most common offline attacks, with no extra steps for the user.

This mechanism could still fall victim to attackers if they subvert the BitLocker process after the key has been extracted from the TPM, though that threat is minimal. Still, for high-risk environments, BitLocker should be configured to require a PIN or special USB key as part of the boot process. Default key length and other encryption options can also be adjusted in response to more stringent requirements.

Another important feature in BitLocker is the ability to have drive keys escrowed using Active Directory, similar to the way EFS-encrypted content can have a data recovery agent specified. Escrow allows a hard drive, encrypted file or volume to be moved from one laptop to another--for example, in the case of a motherboard failure--and allows recovery of encrypted data.
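The two hardening steps just described (requiring a second factor at boot and escrowing recovery information in Active Directory), together with choosing a stronger cipher than the default, can be audited and applied from the BitLocker PowerShell module. The script below is an added example, not code from the Network Computing article or from Microsoft; it assumes a current Windows client or server with that module, an elevated session, a domain-joined machine whose Group Policy permits a TPM+PIN protector ("Require additional authentication at startup") and enables storage of recovery information in AD DS. The cmdlets and protector names are Microsoft's; the two function names are this example's own.

```powershell
# Added example (not from the article): audit a BitLocker volume for the
# hardening the text recommends, then optionally remediate it.
# Assumes the BitLocker PowerShell module, an elevated session, and Group Policy
# that allows a TPM+PIN protector and AD DS backup of recovery passwords.

function Get-BitLockerPosture {
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # TPM+PIN, TPM+startup key, or both count as the "second factor at boot"
    $secondFactor = @($types -match '^Tpm(Pin|StartupKey|PinStartupKey)$').Count -gt 0

    [pscustomobject]@{
        MountPoint       = $MountPoint
        VolumeStatus     = $vol.VolumeStatus.ToString()
        ProtectionOn     = ($vol.ProtectionStatus.ToString() -eq 'On')
        EncryptionMethod = $vol.EncryptionMethod.ToString()
        # AES-256 (CBC or XTS) is the "longer than default" key length option
        Aes256           = ($vol.EncryptionMethod.ToString() -in @('Aes256', 'XtsAes256'))
        # TPM-only boots unattended: the mode the article calls the default
        TpmOnly          = (($types -contains 'Tpm') -and -not $secondFactor)
        SecondFactor     = $secondFactor
        # A recovery password is the protector that Backup-BitLockerKeyProtector escrows in AD
        RecoveryPassword = ($types -contains 'RecoveryPassword')
    }
}

function Set-BitLockerHardening {
    param(
        [string]$MountPoint = $env:SystemDrive,
        [Parameter(Mandatory)][securestring]$Pin,
        [switch]$EscrowToAD
    )

    $posture = Get-BitLockerPosture -MountPoint $MountPoint

    if ($posture.VolumeStatus -eq 'FullyDecrypted') {
        # Fresh volume: the cipher is chosen at enable time and cannot be changed
        # later without decrypting and re-encrypting, so pick AES-256 here.
        Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 `
            -TpmAndPinProtector -Pin $Pin | Out-Null
    }
    elseif (-not $posture.SecondFactor) {
        # Already encrypted with TPM-only: add the PIN factor. Only one TPM-based
        # protector may exist, so this replaces the TPM-only protector and the PIN
        # is required at every boot from now on.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $Pin | Out-Null
    }

    if (-not $posture.RecoveryPassword) {
        # The 48-digit recovery password is what lets the drive be recovered on
        # another machine after, for example, a motherboard failure.
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    }

    if ($EscrowToAD) {
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
        $vol.KeyProtector |
            Where-Object { $_.KeyProtectorType.ToString() -eq 'RecoveryPassword' } |
            ForEach-Object {
                # Writes an msFVE-RecoveryInformation object under the computer account in AD DS
                Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId | Out-Null
            }
    }

    # Re-audit so the caller sees the resulting state
    Get-BitLockerPosture -MountPoint $MountPoint
}

# Audit only:
Get-BitLockerPosture | Format-List

# Harden (PIN is read without echo) and escrow the recovery password to AD:
# Set-BitLockerHardening -Pin (Read-Host -AsSecureString 'Startup PIN') -EscrowToAD
```

Run the audit on its own first: a result of `TpmOnly = True` and `RecoveryPassword = False` is exactly the default posture the article describes, convenient for users but with no second factor and nothing escrowed. The escrow step only succeeds when the domain schema and policy already permit it, so check the returned posture and the computer object in AD rather than assuming the backup landed.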

Microsoft's Rights Management Services for Windows 2003 was developed to help enterprises address the digital rights management problem. With RMS, access to documents can be restricted to a certain subset of users, even a subset of behaviors--read-only, for example, but no printing. Of course, sharing documents with other organizations requires that you establish trust between your respective RMS systems, use Microsoft .Net Passport services for recipients within an RMS-enabled infrastructure, or forgo protection.

Microsoft's full lineup of enterprise encryption and key management products is huge: from Exchange 2003 now fully supporting S/MIME for e-mail security, to Windows Server 2003 Certificate Authority to create and manage the key infrastructure, to Microsoft Office Live Communications Server 2005 for encrypted IM communications, it's hard to find a single aspect of communication and data storage that can't be encrypted, seamlessly and automatically, if you're willing to go with Microsoft end-to-end.

Prescription For Encryption