BitLocker To Go
Windows 7 BitLocker To Go is the latest installment of Vista’s BitLocker. In Vista RTM, BitLocker allows the user to encrypt an internal hard drive using certificate based encryption. In combination with the Trusted Platform Module which stored the certificate, it was a very effective way to secure data on a laptop. Vista SP1 allowed the user could encrypt other internal hard drives using the same method.
With BitLocker To Go, the concept and idea is now moved external hard drives. This will includes any USB devices that are 2 Gb and greater in size. This will allow the use of a password to write to a device and if that the password is not available, then the device becomes read-only.
BitLocker To Go is done from the BitLocker panel or can be started from the right click menu option in Windows Explorer. On being enabled, a passwords is required to BitLocker the external device. Password complexity can be be controlled by Group Policy.
Just like in previous versions of BitLocker it is required that these passwords are saved some place else. Either in file or printed off for safe keeping. If the save as a file is chosen, then a text file is created with the Recovery key id, Full recovery key id and the BitLocker Recovery key.
This will begin the process for encrypting that external drive.
Once completed the drive now will read like any other drive. However, once the device is connected into the Windows 7 environment, it will ask for the password. No password means read-only for the content on the device.
Also, once the process is complete there are other management features that available:
Change password to unlock the drive
Remove password from this drive
Add a smart card to unlock the drive
Save or print recovery key again
Automatically unlock this drive on this computer
Windows 7 has more abilities to control BitLocker To Go by adding more Group Policies. These policies can be found locally or through the domain and range from password complexities to if the device doesn’t have BitLocker enable then do not let anyone access the information.
Microsoft has also claimed that BitLocker To Go will also be able to be used on older, legacy systems. But as of this Beta build, the feature is not quite yet. Once completed, what will be available on the USB drive is a text file that says to use Windows 7 to read the documents.
As far as I am concerned this is a major advancement especially for organizations that live off of USB external devices.