2021-05-12T14:18:00Z

What are Pros and Cons of Microsoft BitLocker?

Hi

I'm looking at various Endpoint Encryption products and one of them is Microsoft BitLocker.

Could you please share your personal experience and let me know the pros and cons of this Microsoft product?

Thank you!

5 Answers
DC
Application Programmer (Infrastructure and OA support) at a government with 10,001+ employees
Real User
Top 20
2021-05-14T02:04:15Z
May 14, 2021

Microsoft BitLocker comes free with Windows but it lacks a full-fledged GUI, i.e. those users without command-line experience will find it difficult to use. Also, the recovery key files are to be kept as unencrypted plain text (not safe).


However, because of its simplicity, the disk encryption and decryption processes are comparatively straightforward and hassle-free if you know how to do it.


To enable remote connection upon booting a BitLocker client, a network control server (Microsoft option) has to be set up for the purpose, while it then requires all clients to have UEFI DHCP functionality, i.e. MBR-booted clients cannot be connected. As to the speed of disk encryption/decryption, BitLocker is among the best options available in the market with the process taking less than an hour or so for a common NVMe 512GB SSD.

James OConnor - PeerSpot reviewer
Sr. Solutions Sales Executive - Commercial/Charity/Healthcare/SMB Individual Contributor at Hypertec Direct
Reseller
Top 10
2021-05-13T19:01:47Z
May 13, 2021

The main Pro (vs other encryption products) is that BitLocker is native to the Microsoft operating system in Windows Pro & Enterprise.  It isn't something that stands on top of the OS.  It also will encrypt the entire drive.  Some other products only encrypt specific files/folders. 


Any encryption product will cause some level of drag on the operating system.  It has been noticed that BitLocker has less of a drag than some other products depending on how encryption is deployed or employed.  I recommend doing a proof of concept to be sure encryption does not affect your systems negatively.


If you just need to encrypt files or folders then other products may be a better fit.  But first, you need to be able to answer, "So why do you want to encrypt your devices?"...  If you don't have a compelling reason to encrypt your devices, maybe you shouldn't. 


One of the major reasons to encrypt endpoint devices is regulatory reasons. I would recommend BitLocker for any healthcare, financial services, high security work, government work etc., especially on their mobile devices or desktop devices in unsecure areas. With regulatory issues you need to have management tools that will show you and the auditors that a specific device was "in fact encrypted" when it was lost or stolen. If you use BitLocker without a management tool then you cannot unencrypt if a user loses the key, and you cannot prove it was encrypted if lost or stolen. Keeping a spreadsheet of keys is a big No-No since it can also be stolen or compromised.


That being said, there are a few different ways to manage BitLocker and I think that is where there may be some room to look at other products. Management tools for BitLocker also encrypt your keys on the management server so they cannot be compromised.


Management tools:


1: Configuration Manager.  If you are a full Microsoft shop and have invested in Software Assurance in your desktop operating system, have an Enterprise Agreement, Microsoft 365 or other agreement with Software Assurance then Configuration Manager may already be available to you.  If so, use Microsoft to manage BitLocker: https://techcommunity.microsof...


Protect data & Infrastructure Microsoft doc: https://docs.microsoft.com/en-...


2: Sophos.  Sophos has a management tool for BitLocker.


3: TrendMicro. Trend manages BitLocker in some of their solutions.


I am sure I am missing some others, and there may be other products that tout to be better, but be sure to ask yourself,   "So why do you want to encrypt your devices?"

TA
Senior Sales Engineer at Dell
Real User
2021-05-14T18:54:30Z
May 14, 2021

Out of the box, BitLocker doesn't meet FIPS 140-2 which is really the federal standard you should meet for encryption. You can set it up to meet FIPS 140-2, however, even at that, it only achieves FIPS 140-2 Level 1. You should look for products that meet Level 2 as a minimum.


I would also suggest doing a simple Google search for BitLocker hack. It's quite amazing, and includes handy how-to videos.

Beyond that, there are BitLocker issues around boot sector corruption and password sync that create a lot of administrative overhead.


Also, you need to consider centralized management of a BitLocker environment that allows for key management as well as audit trails for proof of encryption.
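
The proof-of-encryption and key-handling points raised in the answers above, as an added example that is not part of any poster's reply or of a vendor's management product: a PowerShell script that uses the built-in BitLocker cmdlets to write a per-volume evidence record and, optionally, escrow recovery passwords to Active Directory instead of a file or spreadsheet. The output path, the record's field names and the `-Escrow` switch are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example: BitLocker evidence record for audits (not a vendor tool).
# $OutFile default and all field names below are assumptions of this example.
param(
    [string]$OutFile = "$env:ProgramData\bitlocker-audit.json",
    [switch]$Escrow   # also back up recovery passwords to AD DS (domain-joined hosts)
)

# Windows FIPS policy flag: 1 means the OS is restricted to FIPS-validated algorithms.
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$fips = (Get-ItemProperty -Path $fipsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled

$records = foreach ($vol in Get-BitLockerVolume) {
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $recoveryIds = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
        ForEach-Object { $_.KeyProtectorId })

    # Conditions an auditor would reject as "not provably encrypted".
    $findings = @()
    if ($vol.ProtectionStatus -ne 'On')         { $findings += 'protection off or suspended' }
    if ($vol.VolumeStatus -ne 'FullyEncrypted') { $findings += "volume status: $($vol.VolumeStatus)" }
    if ($recoveryIds.Count -eq 0)               { $findings += 'no recovery password protector' }

    if ($Escrow) {
        foreach ($id in $recoveryIds) {
            # The directory stores the password; nothing is written to disk here.
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $id | Out-Null
        }
    }

    [pscustomobject]@{
        Computer             = $env:COMPUTERNAME
        CollectedUtc         = (Get-Date).ToUniversalTime().ToString('o')
        MountPoint           = $vol.MountPoint
        VolumeType           = $vol.VolumeType.ToString()
        ProtectionStatus     = $vol.ProtectionStatus.ToString()
        VolumeStatus         = $vol.VolumeStatus.ToString()
        EncryptionPercentage = $vol.EncryptionPercentage
        EncryptionMethod     = $vol.EncryptionMethod.ToString()
        ProtectorTypes       = $types
        RecoveryProtectorIds = $recoveryIds   # IDs only, never the 48-digit password
        FipsPolicyEnabled    = ($fips -eq 1)
        Findings             = $findings
        Compliant            = ($findings.Count -eq 0)
    }
}

$records | ConvertTo-Json -Depth 4 | Set-Content -Path $OutFile -Encoding UTF8
$records | Where-Object { -not $_.Compliant } | Format-Table MountPoint, Findings -AutoSize
```

Collected on a schedule and shipped to a central store, these records give a dated statement of each device's encryption state that can be shown after a loss or theft.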

reviewer1871409 - PeerSpot reviewer
User at diconium
User
2022-05-28T20:22:15Z
May 28, 2022

I see the answers have no 'cons'.  


Let me help with that. BitLocker can render your data and your drive immediately inaccessible with only one tiny disk error. With a regular drive, such errors can be recovered and data can be retrieved.


If you have a BitLocker drive, it's "Adios, data!". I tried BitLocker 3 times on cloned backups over the years. Every. Single. Time. I would, within days, get a BSOD upon entering the password. This thing is bad. Really bad. If you just need certain things encrypted, VeraCrypt is FAR more reliable.

Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Community Manager
2021-05-13T03:37:25Z
May 13, 2021

Hello @Usman Rasool, @Blanca Flores and @Jos-Katengwa,


Can you please assist @EwoudSpreeuwenberg?

Related Questions
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Dec 13, 2021
How does Microsoft BitLocker compare with Symantec Endpoint Encryption? Which is better and why?
Janet Staver - PeerSpot reviewer
Tech Blogger
Dec 13, 2021
Microsoft BitLocker is very intuitive and easy to maintain. It is basically the global standard solution for drive encryption and it successfully fulfills regulatory needs in terms of data protection. BitLocker consists of agent initialization and robust disk encryption algorithms, and does a good job with reporting on compliance. BitLocker will give you peace of mind by keeping your data safe - especially if employees lose their laptops, or if laptops are stolen - providing you with confidence that no data will be compromised. I like that BitLocker allows you to encrypt removable media as well. However, the encryption key management feature could be improved, and so could its OS compatibility and console management. Some other things I dislike about it are that oftentimes encryption fails to resume after it has been suspended, sometimes it can be time-consuming to encrypt a disk, and encrypting secondary drives can be tricky, to say the least. Symantec Endpoint Encryption’s most valuable feature by far is the messaging and shared folders. It offers great protection and is the perfect solution for large-scale deployments. In addition, it is low-maintenance, which is another big advantage because you rarely need to involve technical support. Moreover, it integrates very well with Symantec Messaging Gateway and Symantec DLP, which works to catch emails and send them to the encryption server which then communicates to the user that confidential information is being shared or sent out, giving administrators the chance to respond appropriately. Symantec Endpoint Encryption’s initial setup and installation is pretty straightforward and easy but the product comes with a high price tag. The only other setback with Symantec is that the program’s disk encryption is not very intuitive or user-friendly when it comes to Microsoft OS updates. Other than that, the product is a stable, reliable, all-in-one solution that is very suitable for enterprise data management. 
Conclusion: When comparing Microsoft BitLocker and Symantec Endpoint Encryption, they both have their sets of valuable and unique features, but they also both have setbacks. Your choice of product will ultimately be determined by what your organization’s requirements are and which solution can meet your needs best.
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Nov 9, 2021
Why?
Janet Staver - PeerSpot reviewer
Tech Blogger
Nov 9, 2021
Microsoft BitLocker is very intuitive and easy to maintain. It is basically the global standard solution for drive encryption and successfully fulfills regulatory needs in terms of data protection. BitLocker consists of agent initialization, robust disk encryption algorithms, and does a good job with reporting on compliance. BitLocker will give you peace of mind by keeping your data safe - especially if employees lose their laptops, or if laptops are stolen - providing you with confidence that no data will be compromised. I like that BitLocker allows you to encrypt removable media as well. However, the encryption key management feature could be improved, and so could its OS compatibility and console management. Some other things I dislike about it are that oftentimes encryption fails to resume after it has been suspended, sometimes it can be time-consuming to encrypt a disk, and encrypting secondary drives can be tricky, to say the least. McAfee Complete Data Protection, on the other hand, offers a lot more protection. First of all, it encrypts your computer for you so you don’t have to. It scans emails to make sure there are no harmful attachments, it allows you to complete virus scans, filters harmful websites, and it will also proactively stop a download if it is unsafe. Although some might find its attempts to block things to be irritating, it is still an excellent product for all the features it provides without being intrusive. Sometimes the program can skew the formatting of some webpages, though, and drive encryption can be a bit slow to load at times. What I like most about it is that it gives you the status of all programs that you have running. Conclusion: Even though BitLocker helps keep files encrypted and adds an extra layer of security, I think it is worth considering McAfee as a better and more suitable option since it offers an all-in-one protection tool and is extremely user-friendly.