

Guide to defense in depth: The hidden flaws in Windows


Implementing hard drive encryption in Windows

In Windows, I always recommend using the built-in BitLocker encryption. You need to have an Enterprise version of Windows 7 or any version of Windows 8 or Windows 10 to be able to use it. The problem that I mostly face is people calling me and asking me to come and help them implement BitLocker in their environment. I always reply "you're too late", because a BitLocker implementation that is easy to administer, cost-effective to implement and secure starts with choosing the right PC hardware.

My number one instruction on this matter is: Never choose laptop models with PCI-Express, FireWire or Thunderbolt connections. All of them support Direct Memory Access (DMA), which is the biggest enemy of any encryption or security technology.

When implementing BitLocker, aim for the TPM-only scenario described by Microsoft. That's perfect for 95% of customers if deployed correctly, and it's both secure and easy to manage.
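One way to check an existing machine against the TPM-only scenario, as an added example that is not part of the eBook: it reads the TPM state and the OS volume's key protectors with the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets. The function name `Test-TpmOnlyBitLocker` and the use of the system drive as the OS volume are assumptions made for this example.

```powershell
#Requires -RunAsAdministrator
# Added audit example (not from the eBook): reports whether the OS volume
# matches the TPM-only BitLocker scenario. Read-only; changes nothing.

function Test-TpmOnlyBitLocker {
    param(
        # Assumption: the OS volume is the system drive (normally C:).
        [string]$MountPoint = $env:SystemDrive
    )

    $tpm = Get-Tpm
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Names of all key protectors on the volume, e.g. "Tpm", "RecoveryPassword".
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Any protector whose type starts with "Tpm" but is longer than "Tpm"
    # (for example "TpmPin") combines the TPM with pre-boot authentication,
    # which is a different scenario from TPM-only.
    $tpmCombined = @($types | Where-Object { $_ -like 'Tpm?*' })

    [pscustomobject]@{
        MountPoint          = $vol.MountPoint
        TpmPresent          = $tpm.TpmPresent
        TpmReady            = $tpm.TpmReady
        VolumeStatus        = $vol.VolumeStatus
        ProtectionStatus    = $vol.ProtectionStatus
        KeyProtectors       = $types -join ', '
        # A recovery password lets the help desk unlock the drive when the
        # TPM refuses to release the key (e.g. after a firmware change).
        HasRecoveryPassword = $types -contains 'RecoveryPassword'
        TpmOnly             = ($types -contains 'Tpm') -and ($tpmCombined.Count -eq 0)
        # Encryption in progress or suspended protection both count as a gap.
        FullyProtected      = ($vol.VolumeStatus -eq 'FullyEncrypted') -and
                              ($vol.ProtectionStatus -eq 'On')
    }
}

Test-TpmOnlyBitLocker | Format-List
```

A machine that fits the recommendation reports `TpmReady`, `TpmOnly` and `FullyProtected` as `True`; the script does not inspect the hardware for DMA-capable ports, which still has to be settled when the laptop model is chosen.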

Remember: if you don't have hard drive encryption on your Windows box, it gets hacked with a single command that can't be prevented by any anti-malware solution out there.