What is our primary use case?
I am a solution provider in Congo and I propose products such as Microsoft BitLocker to my customers.
My clients use this solution to protect their data in cases where computers are stolen. In this region, theft of computers from companies is quite common and the data that is stored needs to be protected.
What is most valuable?
The most valuable feature is the TPM (Trusted Platform Module), which makes the PC security stronger because somebody who is not from the team cannot access the PC without the decryption PIN. If the hard drive is removed from the computer then the data is still encrypted, and even a USB key can be protected by using this solution. This makes my customers very happy.
This solution is not cost-effective and it is easy to implement.
It is very easy to deploy BitLocker on machines that are running Microsoft Windows Server 2012 because it can be done automatically.
What needs improvement?
It takes a very long time to encrypt a disk, so I think that speed is something that can be improved. It can take more than two hours to encrypt a disk with one terabyte of data. When my clients are working, they don't really like having to look at a progress bar to tell them that the disk is in the process of being encrypted. If the encryption was faster then it would make the experience more pleasant.
I would like to be able to secure the hard drives of virtual machines.
Securing data transfer such as email and the more general internet connection would be very good.
They should improve the hybrid-cloud security and protect the network instead of just securing the computers.
For how long have I used the solution?
I have been working with Microsoft BitLocker for less than a year.
What do I think about the stability of the solution?
I have not heard any feedback from my clients with respect to stability.
What do I think about the scalability of the solution?
This solution scales easily. The server is centralized and every computer that joins the domain is automatically inserted. Each one is automatically configured and synchronized.
My customers are generally small companies with fewer than one thousand employees, so it would not be very easy to test scalability beyond that.
How are customer service and technical support?
I have not been in contact with technical support. Rather, I use the forum to get information. They have great documentation, as well.
Which solution did I use previously and why did I switch?
My client was not using another solution prior to this one. I proposed three different products, but they chose BitLocker because it is free. IT is not well understood by the clients in my country, so we need to offer services and they have to be at a low cost. They most often prefer to use solutions that are free, or included with Microsoft Windows.
How was the initial setup?
It is very easy to set up and deploy Microsoft BitLocker.
You have to set up the central server, and the configuration may take a day or two. After this, all you have to do is go to every employee and then launch it, after they choose a personal PIN.
I had some technical issues with one of my deployments, but everything was working properly by the end of the first day. My issues arose because not all of the PCs had an updated version of Windows 10, so it took me some time to work out how to do the upgrades properly. It is important because TPM 2.0 is not supported in Legacy.
That was the very odd part of the solution, and what we needed to do was to make sure that all of the PCs had the same type of Windows license. Once this was done properly, most of the PCs could be encrypted at the same time. It still required going to every PC though, because each needs to be given a PIN and configured. This was a disruption to some of the employees and it would be better if IT had total control, being able to do this from a central server and then simply notifying each user of their PIN. If there were one thousand employees then this would take a really long time.
What about the implementation team?
We perform the deployment of Microsoft BitLocker for our customers. Because each PC has to be checked after the server is running, it is easier to have more than one person to do this. I normally take one or two of my colleagues to assist me with this.
What's my experience with pricing, setup cost, and licensing?
This solution is included with Microsoft Server and my clients did not have to pay for anything extra.
Which other solutions did I evaluate?
I am somewhat familiar with other solutions such as those by McAfee, Digital Guardian, and Trend Micro Endpoint Encryption. However, I do not know these products as well as Microsoft BitLocker.
Once I obtain certification on some of these other solutions, I will propose them to my clients as well. Digital Guardian is something that I have been reading about lately, and it looks very good.
What other advice do I have?
The encryption solution was not something that I was really informed about, but I decided to study it and then propose it to my customers.
I propose two different deployment models: the cloud and on-premises. The internet connection fees here are expensive, so many people prefer to deploy on-site.
My advice for anybody who is implementing this solution is to have a good idea of what they want to do, prepare for it, and go for it. It is not really complex, yet it is a very rich solution to deploy.
The biggest lesson that I have learned from using Microsoft BitLocker is that it can help a lot of people, but it is not very well known. People need to be familiarized with this solution through discussion. Engaging customers and proposing it to them will really help with the security of IT infrastructure in an enterprise. You can secure all of your data, the transfer of your data, and even USB keys.
This may not be the best solution, but it is easy to deploy and easy to grow.
I would rate this solution a seven out of ten.
Which deployment model are you using for this solution?