What should one take into account when replacing PGP with Microsoft BitLocker?


3 Answers

Real User
Apr 29, 2021

Be sure to make a backup of useful data, then use the reverse decryption policy from the Symantec panel/McAfee ePO to decrypt the DE partitions, although it is sometimes more straightforward and faster to reinstall the machine(s) from scratch (especially for mechanical hard drives, which take a day or two to decrypt). For uninstallation of the McAfee Agent and Encryption modules, it is advisable to use the McAfeeEndpointProductRemoval tool for greater ease and GUI simplicity as compared to batch command lines. When using BitLocker, make sure all your partitions per machine are encrypted respectively with reference to a single unlock password of the C: drive, and do keep an offline record of the recovery key(s) for emergency purposes.

Your replacement is a smart move because Windows BitLocker seldom or never requires any version control and product upgrades, but then it misses out on the functionality of centralized control as in the Symantec panel or ePO Orchestrator.
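Added example, not part of the answer above or of any vendor's tooling: a PowerShell check to run on a migrated machine that confirms every volume is fully encrypted, protection is on, and a recovery password protector exists to record offline. The function name `Get-BitLockerMigrationReport` and the pass/fail criteria are assumptions made for illustration; the script needs an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: audits BitLocker state on every volume of the local machine.
# The function name and the pass/fail criteria are assumptions for illustration.

function Get-BitLockerMigrationReport {
    # Get-BitLockerVolume ships with the BitLocker module on Windows.
    foreach ($vol in Get-BitLockerVolume) {
        # Recovery password protectors are what gets written down or escrowed.
        $recovery = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

        $issues = @()
        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $issues += "not fully encrypted ($($vol.EncryptionPercentage)%)"
        }
        if ($vol.ProtectionStatus -ne 'On') {
            $issues += 'protection is off or suspended'
        }
        if ($recovery.Count -eq 0) {
            $issues += 'no recovery password protector to record'
        }

        [pscustomobject]@{
            MountPoint  = $vol.MountPoint
            VolumeType  = $vol.VolumeType
            Status      = $vol.VolumeStatus
            Protection  = $vol.ProtectionStatus
            # Only protector IDs are listed; the 48-digit password is never printed.
            RecoveryIds = ($recovery.KeyProtectorId -join ', ')
            Issues      = ($issues -join '; ')
        }
    }
}

$report = Get-BitLockerMigrationReport
$report | Format-Table -AutoSize

# A non-zero exit code lets a deployment tool flag machines that need attention.
if ($report | Where-Object Issues) { exit 1 }
```

Matching the listed protector IDs against the offline record shows whether each key on file still belongs to a current protector.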

James OConnor - PeerSpot reviewer
Apr 29, 2021

From a licensing perspective, you will want to have management over BitLocker.  

With PGP you have a management tool to manage the encryption, but you are using a non-native product to encrypt your devices, and it may slow the device down or create other management issues.

If you are in a regulated industry like Healthcare or just want more control over BitLocker, management is critical. BitLocker is native to the operating system and an individual can encrypt their machine, but then the keys are not secure, so you have less protection from regulators.

There are a few ways to manage BitLocker.

MBM or Microsoft BitLocker manager is part of some on-premise Microsoft licensing for Windows as well as Microsoft 365 Business Premium and Microsoft 365 E3/E5 (not part of Office 365 E3/E5). With MBM your keys are encrypted, and reporting will show whether the device is encrypted or unencrypted if lost. That is very important with Healthcare laptops, since a lost laptop can cost a healthcare organization $Millions, depending on what the Healthcare Org can prove was or was not on the laptop to the Federal Govt. "Office of Civil Rights"...

Sophos is another product that will manage BitLocker and encrypt the keys.

Trend Micro is another that will also manage BitLocker and encrypt the keys.

Real User
Jul 26, 2021

Do a Google search on "bitlocker hack".

Review some of the videos to see just how easy it is.
