Understanding your responsibilities for disaster recovery at a departmental level can be difficult; IT departments are holistic entities. We deal with systems, people, security, servers and infrastructure... but we also need to think about things at a granular level so we can ready ourselves for when a terrible system failure occurs - it always will.
My problem was that we needed to ensure we had a very basic form of disaster recovery for our staff who were planning an event that gave us the biggest turnover of our year. Okay, so, our staff needed to take business critical information out of the office on something they could access individually. Yes, we could have used cloud storage but the staff needed full portability and access with or without the internet. Not to make a mountain out of a mole hill - USB keys.
I know. USB keys. Oddly they seem very fond of train seats and restaurant chairs because we keep hearing about them being found everywhere with private information on them.I think we're all agreed that - in the wrong hands - USB keys can be a bit of a nightmare. Of course, in the right hands they can be a nifty thing but the password must be strong enough,. It also shouldn't be able to be changed by staff.
Here we have a solution to the problem of securing drives in easy reach - Bitlocker. I literally can't think of an easier product to use. Click. Choose a couple of options or leave them as the default. Save. Done. I’m not underplaying this, it really is simple.
The aim of the game is to provide security against thefts that are spur of the moment, or people finding items that are lost; no-one wants to be the government department that loses a USB key full of people's NI numbers. We need to show due diligence in securing the storage devices that will be leaving the office.
How does it all work?
Bitlocker uses TPM (Trusted Platform Module) but can be used without it via a small change from the sys admin of your org (probably you)
And it really is quite simple:
It comes with a recovery key that the IT dept can keep a hold of in case the password is forgotten.To reiterate, it's included in some Windows software so free. When working for charities this is a great bonus especially if they insist on USB drives even though we all know they are a real risk to info getting out into the open.
So, Bitlocker is designed to secure your drives (even removable ones) in an easy fashion. Does it do that? Yes, very much so. Is it easy to use? I’m not sure they could have made it easier.
Is it secure? Secure enough from situational thieves and unskilled (in hacking) malicious current/ex-staff.
Did I find any bad points? To be honest, no. Job done. Bitlocker for securing drives, especially USB drives that leave the office. If you need something stronger then the drive probably shouldn't be leaving the office in the first place.