As you may know, I enabled Windows Vista’s BitLocker encryption on my laptop a couple of weeks ago, and since that time I have been reassured to know that should something happen to my laptop, all of the data on it is fully encrypted and secure. The whole process was very smooth – I simply enabled it in the Control Panel, and the encryption happened in the background over a morning. If you’re thinking of doing something similar for your laptops, you would benefit from reading an excellent TechNet article written by the Microsoft IT team – they’re the people that keep all of our in-house IT systems running.
The article deals with both the technical, and managerial issues, of managing the introduction, and also gives a unique insight into the challenges of change in a very tech-savvy environment. And the article is incredibly honest about the challenges faced, and the lessons learned. Here’s an extract:
Lessons Learned Lessons learned during Microsoft IT's BitLocker deployment include: Microsoft IT tried to retrofit the environment with BitLocker. A better approach would have been to move forward with new computers and then upgrade only existing computers that had the highest security risk. Microsoft IT thought BitLocker would be easier to deploy than it was. Microsoft IT relied on the BitLocker Preparation Tool to handle all aspects but found during testing that it failed in some situations, primarily due to locked files when trying to shrink the partition. Hardware needs rigorous testing at scale. Computers that test well in a lab environment sometimes yield different results in a production environment. In other words, one computer in a lab might look fine but thousands in the production environment have variance, such as differences in the BIOS. Recognizing high-business-impact data is a difficult, industry-wide issue. Few tools are available that enable organizations to find the types of high-business-impact data that users have on their computers.
Lessons learned during Microsoft IT's BitLocker deployment include:
Read the whole article here, and if you have time take a look at the whole IT Showcase section – a large section of the website in which the Microsoft IT team share their experiences in running a complex IT infrastructure (The “How Microsoft IT reduces costs” section is especially interesting)