BitLocker is a component of the Pro and Enterprise editions of Windows 8 and Windows Server 2012 that enables you to protect the contents of your hard drive through encryption. It is also available in Enterprise versions of Windows Vista and 7.
It is viewed as more of a business option than a consumer one, but consumers can acquire equivalent functionality through third-party software. BitLocker guards against the consequences of an employee’s notebook or desktop computer coming into the possession of an unauthorized person.
BitLocker prevents unauthorized access by:
Encrypting the entire Windows operating system drive on the hard disk. BitLocker encrypts all user files and system files on the operating system drive, including the swap files and hibernation files.
Checking the integrity of early boot components and boot configuration data. On computers that have a Trusted Platform Module (TPM) version 1.2 or 2.0, BitLocker uses the enhanced security capabilities of the TPM to help ensure that your data is accessible only if the computer’s boot components appear unaltered and the encrypted disk is located in the original computer.
Three approaches can be used to implement BitLocker:
Windows Server 2012 has an additional BitLocker protector option for Operating System Volumes called Network Unlock. Network Unlock allows managed desktops to be automatically unlocked at system reboot when connected to a trusted wired corporate network. The client hardware must have a DHCP driver implemented in its UEFI firmware, however.
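The properties described above can be checked per volume from PowerShell. The following is an added example, not code from the original article: it checks that a volume is fully encrypted, that protection is on, that an operating system volume has a TPM-based protector, and whether a Network Unlock protector is present. The function name Test-BitLockerPosture and the sample objects are hypothetical; the property names are those returned by the Get-BitLockerVolume cmdlet.

```powershell
# Added example. Test-BitLockerPosture is a hypothetical helper name.
function Test-BitLockerPosture {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume   # an object from Get-BitLockerVolume, or a sample shaped like one
    )
    process {
        # Collect the protector types as strings (Tpm, TpmPin, TpmNetworkKey, Password, ...).
        $types = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $findings = @()
        if ([string]$Volume.VolumeStatus -ne 'FullyEncrypted') {
            $findings += "not fully encrypted ($($Volume.VolumeStatus))"
        }
        if ([string]$Volume.ProtectionStatus -ne 'On') {
            $findings += 'protection is off or suspended'
        }
        # Only TPM-based protectors tie unlocking to the boot integrity check.
        if ([string]$Volume.VolumeType -eq 'OperatingSystem' -and -not ($types -like 'Tpm*')) {
            $findings += 'no TPM-based protector, boot components are not verified'
        }
        [pscustomobject]@{
            MountPoint    = $Volume.MountPoint
            NetworkUnlock = ($types -contains 'TpmNetworkKey')
            Compliant     = ($findings.Count -eq 0)
            Findings      = ($findings -join '; ')
        }
    }
}

# Constructed sample objects shaped like Get-BitLockerVolume output (not real data).
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' },
                         [pscustomobject]@{ KeyProtectorType = 'TpmNetworkKey' })
    },
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        VolumeStatus = 'EncryptionInProgress'; ProtectionStatus = 'Off'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Password' })
    }
)
$sample | Test-BitLockerPosture | Format-Table -AutoSize

# On a live machine, from an elevated prompt:
#   Get-BitLockerVolume | Test-BitLockerPosture
```

The first sample is reported as compliant with Network Unlock present; the second is flagged on all three checks.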
Security will continue to increase in importance, and the encryption-based BitLocker is a useful way to protect an organization’s distributed data assets.