What is our primary use case?
We encrypt devices and disks that have the potential to be taken off-site, such as laptops, tablets, USB sticks, and USB disks. Basically, we encrypt any medium that has to be taken off-site. If we're giving out a USB stick to somebody, it is BitLocker encrypted. If somebody has to use a memory stick, the only way it gets out is if it is encrypted.
We use the version that is native to an operating system.
What is most valuable?
It is free and native to the OS. We don't have to worry about upgrades or maintaining the product. You encrypt the disk, and you save the recovery key. That's it. The person puts their password in, and after that, it is up to them. If they forget their password, they have to bring it in to get it unlocked.
What needs improvement?
User profiles can be improved so that people can create their own passwords. It has one password per machine, which is a problem. We would prefer each user to have his or her own boot password. Each user can have a username and password or biometrics, such as fingerprints and iris scanner, integrated into the boot process, but I really can't see that coming anytime soon, if ever.
For how long have I used the solution?
I have been using this solution for six or seven years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
It doesn't really need to scale. You use it as you need it and manage it with group policies.
How are customer service and technical support?
There is no need for support.
Which solution did I use previously and why did I switch?
We've used a few different disk encryption products, and we've kind of settled on BitLocker because it is native to the operating system. It is simple, and there is no maintenance on it.
We also use Symantec at the moment, but we are retiring Symantec. We had trouble getting all the machines back into the office to change the disk encryption. We have a few left with Symantec. With Symantec, the version that we had was pretty old, and I wasn't sure if it would actually even work with some of the later builds of Windows 10. In terms of maintenance, with Symantec, every time there is a new build of Windows 10, you either have to defer the update while they update with Symantec, or you can install it and hope for the best. It is not a very satisfactory situation where you might have to wait six months before you can go up onto the latest build of Windows.
How was the initial setup?
It wasn't complex. It just took me a while to figure it out and make it do what I wanted it to do. Everything is documented, and you just follow the documentation.
It is deployed on all new computers, and it is part of the build. It doesn't take very long. It takes only 10 or 15 minutes. While the disk is encrypting, you can do other things.
What about the implementation team?
I deployed it on some of the computers. BitLocker is maintained as part of the operating system. If there are any updates to Bitlocker, they come out as operating system updates.
What's my experience with pricing, setup cost, and licensing?
It is free. It is enabled as part of the operating system. Once you have an operating system license, you're licensed for Bitlocker.
What other advice do I have?
I would recommend this solution. It is quick and neat, and it does the trick.
I would rate Microsoft BitLocker a seven out of ten.