Few BitLocker-Equipped PCs Encrypt Data

Sunday, September 26, 2010

Contributed By:
Bill Gerneglia

Article by Mark Henricks

Almost none of the personal computers equipped with Microsoft’s BitLocker data encryption software are actually encrypting data with it, according to a new study.

The report, by security vendor OPSWAT, found just 1.47 percent of Windows PCs that had BitLocker included in their operating systems were actively employing encryption.

To come up with its conclusions, OPSWAT analyzed more than 35,000 reports from users of its OESIS Framework manageability solution. The reports were submitted between July 1 and August 15, 2010.

Microsoft includes BitLocker with six operating configurations, including the Ultimate and Enterprise versions of Windows Vista and Windows 7, as well as Windows Server 2008 and Windows Server 2008 R2.

There are a variety of reasons users weren’t using already-installed encryption tool, OPSWAT Marketing Manager Jeff Garon said. They included lack of education about encryption benefits, lack of a corporate policy requiring encryption, fear of decreased system performance, and compatibility issues with disk encryption software or encrypted data and network devices such as SSL VPN.

The few users who were actively encrypting disk probably included particularly well-informed power users, people in regulated industries such as healthcare or those using company networks that require it.

“Our research also found a higher percentage of encryption usage for mobile devices such as laptops and netbooks,” Garon said. “This can most likely be attributed to these devices having a higher rate of theft, therefore having more need for encrypted data.”

Garon said users who weren’t encrypting risked potential public relations and compliance problems should sensitive data such as Social Security numbers, credit card information and medical records be exposed.

CIOs who would like to avoid these risks can take a couple of moves, starting with educating workers on benefits of disk encryption and dangers of working without it.

“Second would be to create a corporate policy which requires disk encryption usage on storage devices which would contain sensitive data,” Garon added.

To make sure the policy is workable, he suggested looking for a hard disk encryption vendor certified to interoperate with the network access device being employed.

Cross-posted from CIOZone

Share This! |

Views:	3272
Categories:	General
Industries:	Software
Tags:	Encryption Microsoft

Post Rating I Like this!

Comments:

You Must Register or Login to Comment

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked

Latest Member Comments

"I thought this article discuss a very important issue of security.If we have well developed technology in one particular field then we ..."

Mobile Security Processes Could Be Applied t... Johnnie Nix on 05-21-2013

"ATM machine are for our convenience but if we are not careful they can compromise our safety. Discount theater tickets "

ATM Security (And Really Learning from the P... Johnnie Nix on 05-21-2013

"A expressive case study is used to explore causation in order to find underlying principles. Case studies may be prospective in which c..."

New Study Published on Mobile Malware... Caitlin Rachel on 05-21-2013

"In the social sciences and life sciences a case study or case report is a descriptive or descriptive analysis of a someone, group or ev..."

Case Study: A Cloud Security Assessment... Caitlin Rachel on 05-21-2013