Sr. Solutions Sales Executive - Commercial/Charity/Healthcare/SMB Individual Contributor at Hypertec Direct
Real User
Jan 11, 2022
Are you in a regulated industry? If so using the native BitLocker is not enough to prove compliance. You will need to use something like BitLocker Administration and Monitoring (MBAM) which is part of MDOP (Microsoft Desktop Optimization Pack) or another tool that will manage Bitlocker and give you proof the device is encrypted in the event of a lost or stolen device. You also need to enforce secure password management, user training on passwords and regular password changes.
If you have Microsoft 365 Business premium you have additional controls over Bitlocker; or, M365 E3/E5, Windows Enterprise E3/E5 all have MDOP...
Other Bitlocker management can be found with SOPHOS and I believe TrendMicro as well.
Another tool to consider, especially for laptops, is ABSOLUTE software. It is built into the BIOS of the major laptop brands and just needs the key to activate it...
Also, ESET is a quality product for encryption. It gives you additional options for less than some of the Microsoft alternatives.
BitLocker is just not FREE if you are in a regulated industry since it needs management to truly be secure the device and prove compliance.
Customer Support Manager at M & M Information Technologies Limited
User
Jan 11, 2022
I guess the solution depends upon a couple of things for us and how we currently approach this for our clients.
We have both in place around a variety of small clients. As 99% of our systems have Windows Pro, they have BitLocker, therefore this would now be the first choice.
However, if the client requires centralised management and control we would then advise ESET. And that is the core to this for us, if they need central management, control, recovery - ESET every time.
If it is just encryption and there is no need to control/recover and a simple reformat would work (and loss of history/data is not an issue), then BitLocker is ok.
Are you in a regulated industry? If so using the native BitLocker is not enough to prove compliance. You will need to use something like BitLocker Administration and Monitoring (MBAM) which is part of MDOP (Microsoft Desktop Optimization Pack) or another tool that will manage Bitlocker and give you proof the device is encrypted in the event of a lost or stolen device. You also need to enforce secure password management, user training on passwords and regular password changes.
If you have Microsoft 365 Business premium you have additional controls over Bitlocker; or, M365 E3/E5, Windows Enterprise E3/E5 all have MDOP...
Other Bitlocker management can be found with SOPHOS and I believe TrendMicro as well.
Another tool to consider, especially for laptops, is ABSOLUTE software. It is built into the BIOS of the major laptop brands and just needs the key to activate it...
Also, ESET is a quality product for encryption. It gives you additional options for less than some of the Microsoft alternatives.
BitLocker is just not FREE if you are in a regulated industry since it needs management to truly be secure the device and prove compliance.
I hope some of this helps.
I guess the solution depends upon a couple of things for us and how we currently approach this for our clients.
We have both in place around a variety of small clients. As 99% of our systems have Windows Pro, they have BitLocker, therefore this would now be the first choice.
However, if the client requires centralised management and control we would then advise ESET. And that is the core to this for us, if they need central management, control, recovery - ESET every time.
If it is just encryption and there is no need to control/recover and a simple reformat would work (and loss of history/data is not an issue), then BitLocker is ok.