Senior System Manager at TEG Analytics
Real User
May 23, 2019
Securely encrypts our data, but the process is too slow
Pros and Cons
  • "The product is stable."
  • "The encryption takes a long time to complete, and our system runs very slowly while it is encrypting."

What is our primary use case?

We use this solution to encrypt the data on three hard drives.

What needs improvement?

The following areas need improvement:

  • The encryption takes a long time to complete, and our system runs very slowly while it is encrypting.
  • If you lose the data, or it becomes corrupted, then there is no backup for it. There is no way of recovering it.
  • There are no clear guidelines for using this product.
  • Technical support for this solution is poor.

For how long have I used the solution?

Trial / evaluation period (six months).

What do I think about the stability of the solution?

The product is stable.

Buyer's Guide
Microsoft BitLocker
March 2026
Learn what your peers think about Microsoft BitLocker. Get advice and tips from experienced pros sharing their opinions. Updated: March 2026.
885,311 professionals have used our research since 2012.

How are customer service and support?

There is no technical support that assists with understanding BitLocker.

Which solution did I use previously and why did I switch?

I have used different solutions, personally, but that was while I was at my previous company.

How was the initial setup?

The initial setup for this solution is straightforward. We needed to change the group policy setting.

What about the implementation team?

I handled the installation myself.

We have two people working on the maintenance of the solution.

What other advice do I have?

I would rate this product a five out of ten.

Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
Head of Operations (India) at a tech vendor with 51-200 employees
Real User
Oct 15, 2018
It is easy to implement and has AD integration
Pros and Cons
  • "It is easy to implement and has AD integration."
  • "More customization options would have been nice, such as password selection, actions when the screen is locked, etc."

What is our primary use case?

Preventing data loss in stolen/lost laptops was the primary reason we went for it. It does its job adequately.

How has it helped my organization?

Whole disk encryption was what was required from us. Microsoft BitLocker has executed it with minimal effort.

What is most valuable?

  • Easy to implement
  • AD integration
  • It is a totally free solution.
  • It is tightly integrated with Windows

What needs improvement?

More customization options would have been nice, such as password selection, actions when the screen is locked, etc.

For how long have I used the solution?

One to three years.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
PeerSpot user
it_user757422 - PeerSpot reviewer
Microsoft (Active Directory) Consultant at a logistics company with 5,001-10,000 employees
Consultant
Mar 19, 2018
Prevents Unauthorised Access to Corporate Data
Pros and Cons
  • "After the Microsoft BitLocker Administration and Monitoring (MBAM) implementation, in such cases, any unauthorised person will not be able to access the data."

    What is our primary use case?

    Protect corporate data on devices (Laptops, Desktops, Tablets).
    Every week, 100s of corporate devices are lost just at airports, and every device has personal/corporate data. It's very important to protect such data from unauthorised use, hence the solution is to implement Microsoft BitLocker Administration and Monitoring (MBAM).

    How has it helped my organization?

    I delivered three projects where the business did not have any encryption mechanism in place; if the company or an employee lost any of the devices, there was a chance someone could view sensitive data. After the Microsoft BitLocker Administration and Monitoring (MBAM) implementation, in such cases, any unauthorised person will not be able to access the data.

    If you already have an older version of MBAM in place, there is an option to move existing keys over to the new server, which is great.

    What is most valuable?

    All keys are stored centrally in a database (SQL), with the option to have PIN / Enhanced PIN / USB drives.

    What needs improvement?

    Microsoft BitLocker Administration and Monitoring (MBAM) is one of the best solutions available in the market to protect corporate data.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    Since it is a Microsoft product, there are no compatibility issues. Once planned well, it is a straightforward implementation.

    What do I think about the scalability of the solution?

    No issues.

    How are customer service and technical support?

    There is not much support unless a business has got a Premier support contract in place.

    Which solution did I use previously and why did I switch?

    MBAM is the only solution that I have used for encryption.

    How was the initial setup?

    You need to know the technical aspects and have a good understanding of Microsoft Client/Server OS. If you know that, then yes, it is pretty straightforward.

    What was our ROI?

    Well worth it and a perfect solution, especially aligned with GDPR.

    What's my experience with pricing, setup cost, and licensing?

    It is part of the Microsoft Desktop Optimization Pack (MDOP) and economical compared to similar products.

    Which other solutions did I evaluate?

    No, we do not.

    What other advice do I have?

    Look at TechNet for relevant documentation and test many times before implementing in your production environment.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    IT Infrastructure Analyst at a tech services company with 501-1,000 employees
    Real User
    Sep 28, 2017
    Provides disk protection while configuration is transparent to user, although implementation is complex
    Pros and Cons
    • "Integration with System Center Configuration Manager (C: and D: logical drives are encrypted before installing Windows via SCCM)."
    • "With BitLocker I guarantee the protection of the disk and the configuration is transparent to the user."
    • "The implementation of BitLocker is not simple. There are many prerequisites and hours of study and testing."

    What is most valuable?

    • Integration with System Center Configuration Manager (C: and D: logical drives are encrypted before installing Windows via SCCM).
    • Use of the computer's TPM so as not to have to request a PIN from the user.
    • In Windows 10 (1511) the TPM supports the XTS-AES encryption algorithm.

    How has it helped my organization?

    Before BitLocker we used the DELL disk protection through the BIOS. This protection is not very efficient and the user needs a PIN to unlock the computer. With BitLocker I guarantee the protection of the disk and the configuration is transparent to the user.

    What needs improvement?

    The implementation of BitLocker is not simple. There are many prerequisites and hours of study and testing. We have had some communication problems between Windows 10 and the TPM and, in some cases, the computer does not work and we need to generate a new key in MBAM.

    For how long have I used the solution?

    We tested the solution for four months on all computer models we have before placing it in the production environment.

    What do I think about the stability of the solution?

    Yes. We had communication problems between the OS and TPM 1.2 of the computer. It is best to use computers with TPM 2.0.

    What do I think about the scalability of the solution?

    No. We have 1200 computers and the environment, with one MBAM server and one SQL, is supporting the environment. I do not know how scalability is using Active Directory to store the encryption keys.

    How are customer service and technical support?

    There is a lot of documentation in English and Brazilian Portuguese. To date, we have not needed Microsoft technical support.

    Which solution did I use previously and why did I switch?

    No. Symantec, Dell and McAfee solutions for disk encryption are expensive and some of them use BitLocker behind the solution, but are very expensive.

    How was the initial setup?

    The initial setup is simple. You have the task of turning on the TPM of all computers before attempting to use the BitLocker. When using MBAM + SCCM + SQL it is important to have a CA root in your environment to issue the digital certificate to the MBAM.

    What's my experience with pricing, setup cost, and licensing?

    BitLocker is already in Windows 10 and its price has already been "paid". To use another disk encryption solution you have to analyze well the needs of each company and how much data is critical to the business.

    Which other solutions did I evaluate?

    I evaluated solutions from DELL, Symantec and McAfee. Among all, Symantec has a good solution, but very expensive.

    What other advice do I have?

    We are using BitLocker for Windows 10 (which depends on TPM 1.2 or greater) being managed by MBAM 2.5 with SQL Server database to store the encryption keys. BitLocker is configured to use Active Directory or SQL to store the encryption keys. When using AD, the keys are stored in an unprotected directory. When using SQL, the stored keys are stored in an encrypted database.

    I recommend that you study many hours before you start testing. Take the MBAM test at Microsoft's website.

    Study TPM 1.2 and 2.0.

    Use SQL to store the encryption keys and not the Active Directory, so you leave the AD free of high processing and add a layer of protection with the encryption of the database.

    It is important to test on ALL models of computers, there is always a model that will not work.

    Disclosure: My company has a business relationship with this vendor other than being a customer. Microsoft Partner.
    PeerSpot user
    Darren Chaker - PeerSpot reviewer
    InfoSec/Forensics/Countermeasures Specialist at DynCorp.
    Real User
    Top 10
    Aug 9, 2017
    It did not conflict with Windows.
    Pros and Cons
    • "Whole Disk Encryption is great. BitLocker runs seamlessly during boot up."
    • "BitLocker provides the common person with great security to guard against most threats consisting of efforts by unauthorized people who try to gain access to the computer by not allowing it to boot up absent a password."
    • "There are options which could be implemented to make it a little more like PGP Whole Disk Encryption."

    What is most valuable?

    Whole Disk Encryption is great. BitLocker runs seamlessly during boot up. I also liked that it did not conflict with Windows, most likely since it was created by the makers of Windows, Microsoft.

    How has it helped my organization?

    BitLocker provides the common person with great security to guard against most threats consisting of efforts by unauthorized people who try to gain access to the computer by not allowing it to boot up absent a password.

    What needs improvement?

    There are options which could be implemented to make it a little more like PGP Whole Disk Encryption, but given the fact BitLocker is readily available, and has no known conflicts, I think it is a great product to secure against unauthorized access.

    For how long have I used the solution?

    I have used and recommended BitLocker to people in the corporate and high net wealth arena.

    What was my experience with deployment of the solution?

    Despite some bad press and conspiracy theories, I trust the product, but do recommend using a secondary effort such as encrypting a partition of the drive. This is helpful in the event BitLocker is compromised; using PGP with a different password (at least 20 characters; do not use words, of course).

    What do I think about the stability of the solution?

    We have not encountered any stability issues. I have heard some computers using other whole disk encryption solutions can freeze up at times; I have not heard of such with BitLocker.

    What do I think about the scalability of the solution?

    We have not encountered any scalability issues.

    How are customer service and technical support?

    Customer Service:

    I have never needed to use customer service; however, corporate customer care at Microsoft is great at resolving issues.

    Technical Support:

    I like the domestic support team; have yet to have an issue with them.

    Which solution did I use previously and why did I switch?

    We did not previously use a different solution.

    How was the initial setup?

    The initial setup was straightforward; very simple to install and modify from 128-bit to 256-bit encryption, 256-bit being the government standard for "Top Secret" information.

    What about the implementation team?

    I did not use a vendor team to implement it.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Darren Chaker - PeerSpot reviewer
    InfoSec/Forensics/Countermeasures Specialist at a security firm with 10,001+ employees
    Top 10, Real User

    BitLocker interfaces perfectly with Windows since it is a Microsoft product. The encryption and security methods used to prevent unauthorized access to booting up the computer are decent too! Some products do not complement Windows and will sometimes freeze. That is why I like to recommend BitLocker.

    PeerSpot user
    Infrastructure Specialist at a healthcare company with 1,001-5,000 employees
    Vendor
    Top 20
    Jul 25, 2017
    Protects employee and enterprise data in case of loss of a laptop. Fills in part of an enterprise-wide security strategy.
    Pros and Cons
    • "Protects employee and enterprise data in case of loss of a laptop."
    • "Remote management (e.g., enable/disable, reset, etc.) of PIN codes and recovery keys would be a nice feature."

    What is most valuable?

    1. It is integrated with the hardware, via use of TPM
    2. It is also integrated with the Windows operating system and thus:
    3. It is free!

    How has it helped my organization?

    Protects employee and enterprise data in case of loss of a laptop. Fills in part of an enterprise-wide security strategy.

    What needs improvement?

    Remote management (e.g., enable/disable, reset, etc.) of PIN codes and recovery keys would be a nice feature.

    For how long have I used the solution?

    I've used this solution for more than five years.

    What do I think about the stability of the solution?

    No, very few issues.

    What do I think about the scalability of the solution?

    No, it is a very light feature towards infrastructure requirements. Having an AD infrastructure is sufficient.

    How are customer service and technical support?

    Good.

    Which solution did I use previously and why did I switch?

    No.

    How was the initial setup?

    Engineering and testing took about 10 days and was medium level complexity.

    What's my experience with pricing, setup cost, and licensing?

    It is free.

    Which other solutions did I evaluate?

    No. Other options would introduce a licensing cost, extra infrastructure, and operational procedures, so in general, more costly.

    What other advice do I have?

    It is enhanced in Windows 10, supports PIN self-service and better encryption methods.

    Start experimenting in the lab to understand the hardware integration (TPM), encryption methods and (optional) PIN management.

    Fix your solution before rolling out, because changing parameters (like encryption) on computers where BitLocker is active is a heavy process in terms of time (decrypt/change/encrypt, etc.).

    Disclosure: My company has a business relationship with this vendor other than being a customer.
    PeerSpot user
    Info Sec Consultant at Size 41 Digital
    Real User
    Top 5
    Mar 13, 2017
    Bitlocker - defence in depth

    Understanding your responsibilities for disaster recovery at a departmental level can be difficult; IT departments are holistic entities. We deal with systems, people, security, servers and infrastructure... but we also need to think about things at a granular level so we can ready ourselves for when a terrible system failure occurs - it always will.

    My problem was that we needed to ensure we had a very basic form of disaster recovery for our staff who were planning an event that gave us the biggest turnover of our year. Okay, so, our staff needed to take business critical information out of the office on something they could access individually. Yes, we could have used cloud storage but the staff needed full portability and access with or without the internet. Not to make a mountain out of a mole hill - USB keys.

    I know. USB keys. Oddly they seem very fond of train seats and restaurant chairs because we keep hearing about them being found everywhere with private information on them. I think we're all agreed that - in the wrong hands - USB keys can be a bit of a nightmare. Of course, in the right hands they can be a nifty thing but the password must be strong enough. It also shouldn't be able to be changed by staff.

    Here we have a solution to the problem of securing drives in easy reach - Bitlocker. I literally can't think of an easier product to use. Click. Choose a couple of options or leave them as the default. Save. Done. I’m not underplaying this, it really is simple.

    The aim of the game is to provide security against thefts that are spur of the moment, or people finding items that are lost; no-one wants to be the government department that loses a USB key full of people's NI numbers. We need to show due diligence in securing the storage devices that will be leaving the office.

    How does it all work? 

    Bitlocker uses TPM (Trusted Platform Module) but can be used without it via a small change from the sys admin of your org (probably you).

    And it really is quite simple: 


    It comes with a recovery key that the IT dept can keep a hold of in case the password is forgotten. To reiterate, it's included in some Windows software so free. When working for charities this is a great bonus especially if they insist on USB drives even though we all know they are a real risk to info getting out into the open.

    So, Bitlocker is designed to secure your drives (even removable ones) in an easy fashion. Does it do that? Yes, very much so. Is it easy to use? I’m not sure they could have made it easier.

    Is it secure? Secure enough from situational thieves and unskilled (in hacking) malicious current/ex-staff.

    Did I find any bad points? To be honest, no. Job done. Bitlocker for securing drives, especially USB drives that leave the office. If you need something stronger then the drive probably shouldn't be leaving the office in the first place.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
    PeerSpot user
    Darren Chaker - PeerSpot reviewer
    InfoSec/Forensics/Countermeasures Specialist at a security firm with 10,001+ employees
    Top 10, Real User

    By Darren Chaker: I would extend full drive encryption not only to USB, but also to external drives too. Simply imagine whatever data you have is lost or subject to a competitor's possession, and the residual harm that would ensue. Information security must be part of the work environment, and being proactive is the only way to accomplish this.

    it_user8433 - PeerSpot reviewer
    Security Expert at a tech company with 10,001+ employees
    Vendor
    Aug 20, 2013
    IronKey verses BitLocker-To-Go with smart cards (part 1)

    This post originally appeared on the Random Oracle blog at https://randomoracle.wordpress.com/2013/03/02/ironkey-verses-bitlocker-to-go-with-smart-cards-part-1/

    IronKey is one of the better known examples of “secure flash drive,” a category of products targeted at enterprises and security-conscious users for portable storage with hardware encryption. From a certain perspective, this entire category owes its existence to a failure of smart card adoption in the same target market. All of the functionality of dedicated hardware encryption products can be implemented with equal or better security, at much lower cost and greater flexibility using general purpose smart cards and off-the-shelf software.

    Case in point: BitLocker-To-Go (“B2LG” for short) available in Windows 7 and later versions, provides full disk encryption for any old USB drive, with keys managed externally. B2LG is closely related to the original Bitlocker feature introduced in Vista, which protected boot volumes with the help of a trusted platform module. The latter is a more difficult proposition, as booting a modern OS involves several stages, each depending on executing code from the encrypted disk. Maintaining integrity of this code loaded during boot is as much of a concern as confidentiality, because altering the operating system can be an avenue of bypass against disk encryption. By contrast B2LG is concerned strictly with reading data after the OS has been already booted into a steady state.

    Context menu on a removable drive, showing the option to enable BitLocker

    BL2G can be configured to use either passwords or smart card for encryption:

    Choosing between passphrase and smart card, when enabling BitLocker.

    The first configuration is susceptible to the usual offline guessing attacks, much like Android disk encryption, because keys are derived from a low-entropy secret chosen by the user. In the second configuration, the bulk-data encryption key is randomly generated and sealed using a public key associated with the smart card. Unsealing that to recover the original key can only be done by asking the card to perform a private key operation, which is what smart cards are designed to implement with high security.

    PIN dialog during private key operation to unlock a volume protected by BitLocker To Go.

    Comparing a USB drive with built-in encryption with B2LG coupled to smart cards, these solutions achieve similar, but not identical, security profiles:

    • In both cases, bulk data encryption key is not derived from user-entered PIN or pass-phrase. A key based on “12345678” is not any more likely than one based on “c8#J2*}ep
    • In both cases there is a limit to online guessing attacks by trying different PIN/password choices. For dedicated drives, the retry count is typically fixed by the manufacturer. For BL2G, it depends on the application installed on the card, translating into more flexibility.
    • BitLocker defaults to AES with 128-bit keys, along with a home-brew diffuser to emulate a wide-block cipher operating on sectors. Dedicated flash drives typically boast slightly more modern cryptography, with 256-bit AES in standardized XTS mode. (Not that any practical attacks exist against 128-bit keys or the custom diffuser. But one can imagine that manufacturers are caught in a marketing arms race: as soon as one declares support for the wider key length and starts throwing around “256” as magic number, everyone else is required to follow suit for the sake of parity.)
    • For those comforted by external validation, there are many smart cards with FIPS 140 level 3 certification (as well as Common Criteria EAL 5+) in much the same way that many of the drives boast FIPS compliance. Again BL2G provides for greater choice here: instead of being stuck with the specific brand of tamper-resistant hardware the drive manufacturer decided to use, an enterprise or end-user can go with their own trusted card/token model.
    • BL2G has better resilience against physical theft: an attacker would have to capture the drive and the card, before they get to worrying about user PIN. If only the drive itself is lost, any data residing there can be rendered useless by destroying the cryptographic keys on the smart card. By contrast a lost IronKey is a permanent liability, just in case the attackers discover the password in the future.
    • Neither approach is resilient against local malware. If the drives are unlocked while attached to a compromised machine, all stored data is at risk. Some smart cards can support external PIN entry, in which case local malware can not observe the PIN by watching keystrokes. But this is little consolation, as malware can request the card to perform any operation while connected. Similarly while the IronKey PIN must be collected on PC and subject to interception, there are other models such as Aegis Secure Key with their own integrated PIN pad.
    • BitLocker has one convenience feature that may result in weaker configuration. There is an option to automatically unlock drives, implemented by caching the key after successful decryption. Once cached, the smart card is no longer required to access the same drive in the future, because the key is already known. If the user makes an unwise decision to use this feature on a laptop which is stolen (or equivalently, remotely compromised) the persisted key can be used to decrypt the drive. Meanwhile the proprietary software accompanying IronKey does not provide an option to cache passwords. (That said, nothing stops a determined user from saving it to a local file.)

    The second part of this post will look at other dimensions, such as performance, cost effectiveness and scaling, where BitLocker & smart card combination enjoys a decisive advantage over dedicated hardware.

    Disclosure: My company does not have a business relationship with this vendor other than being a customer.
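
The post above singles out two BitLocker To Go configurations as weaker: a password protector (key derived from a user-chosen secret) and the auto-unlock key cache. The following PowerShell audit is an added example, not part of the original post or of any reviewer's deployment; it assumes an elevated prompt on a Windows host with the BitLocker module, and `Get-BitLockerFinding` is a hypothetical helper name.

```powershell
# Added example (not from the original post). Run from an elevated PowerShell
# prompt on a host that has the BitLocker module (Get-BitLockerVolume).
# Get-BitLockerFinding is a hypothetical helper name chosen for this example.

function Get-BitLockerFinding {
    [CmdletBinding()]
    param(
        # A volume object as returned by Get-BitLockerVolume
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume
    )
    process {
        # Protector types on this volume as strings, e.g. Tpm, RecoveryPassword,
        # Password, PublicKey (certificate / smart card protectors report as PublicKey).
        $types = @($Volume.KeyProtector |
            Where-Object { $_ } |
            ForEach-Object { "$($_.KeyProtectorType)" })

        $protected = "$($Volume.ProtectionStatus)" -eq 'On'
        $findings  = @()

        if (-not $protected) {
            $findings += 'Protection is off or suspended.'
        }

        # Password protector: the volume key is wrapped under a key derived
        # from a user-chosen secret, which the post notes is open to offline guessing.
        if ($types -contains 'Password') {
            $findings += 'Password protector present (offline guessing applies).'
        }

        # Data volume that is protected but has no certificate-based protector,
        # so unlocking never requires a private-key operation on a card.
        if ($protected -and "$($Volume.VolumeType)" -eq 'Data' -and
            $types -notcontains 'PublicKey') {
            $findings += 'No certificate (smart card) protector on this data volume.'
        }

        # Auto-unlock: the key is cached on this host after the first unlock,
        # so possession of the host is enough to open the drive later.
        if ($Volume.AutoUnlockEnabled) {
            $findings += 'Auto-unlock enabled (key cached on this host).'
        }

        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            VolumeType       = "$($Volume.VolumeType)"
            EncryptionMethod = "$($Volume.EncryptionMethod)"   # reported, not judged
            Protectors       = $types -join ', '
            Findings         = $findings
        }
    }
}

# Audit every volume the host can see, including attached removable drives.
Get-BitLockerVolume | Get-BitLockerFinding | Format-List
```

The encryption method is reported without a verdict, since the post itself notes that no practical attacks exist against the 128-bit default.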