I’m guessing that you expend a significant amount of effort and money to ensure that your organisation’s data is kept safe. If your organisation is like most, I’m guessing that much of the effort and money around protecting your data is spent on keeping intruders out of your network. But what happens when your sensitive data hits the road? When an employee decides that she needs to work on that financial document or marketing campaign at home? When her best option to get that file home is a USB flash drive?
For the past 10 years, ZENworks Endpoint Security Management has provided policy-enforced encryption of removable drives, helping you ensure that sensitive data remains secure while on the move. We’ve provided this capability through an internal encryption engine controlled by our Data Encryption policy.
With the ZENworks 2017 Update 2 release, we’ve enhanced our removable drive encryption by adding Microsoft BitLocker support. So, given that we already provide removable drive encryption, why did we add this ability? Well, the main reason is that you, our ZENworks customers, requested it.
Over the last year, as I asked customers about their security concerns, I heard a lot of complaints about the lack (or difficulty) of centralised BitLocker key management. Apparently, more than a few users had lost data by locking themselves out of their drives when they forgot the password and couldn’t find the recovery key file.
Based on our extensive experience with key management, my Endpoint Security development team knew that we could solve this problem and provide a really strong, centrally managed solution for BitLocker removable drive encryption. And that’s what we’ve done.
Introducing Managed BitLocker Encryption
ZENworks Endpoint Security Management allows you to enforce BitLocker encryption on any drives that native BitLocker recognises as Removable Data Drives. Windows 7, Windows 8, and Windows 10 devices are all supported.
In addition, ZENworks enhances the BitLocker experience by providing password recovery options not available in native BitLocker. During drive encryption, a user can add a password hint when defining the unlock password. If needed, the user can display this hint when unlocking the drive. But if the hint doesn’t help, the user is still okay because we add a zone key during encryption of the drive; this key allows the user, with the help of an administrator, to unlock the drive and reset its password.
BitLocker encryption management is provided through our new Microsoft Data Encryption policy (Figure 1). The policy settings, explained below, let you control both the standard BitLocker encryption options and a few ZENworks-specific settings that enhance your control of BitLocker encryption.
This article was first published in Open Horizons Magazine, Issue 39, 2017/4, p23-26.
Darrin VandenBos is the Product Manager for ZENworks Endpoint Security, Full Disk Encryption and Patch Management. He has worked with ZENworks since its inception. He enjoys golf, travel and spending time with his wife and three children.