Difference between revisions of "Bitlocker To Go"
| (17 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | ==What is Bitlocker | + | ==What is Bitlocker To Go?== |
| − | Bitlocker is the Windows encryption tool that helps protect data from being accessed by the wrong party | + | Bitlocker is the built-in Windows encryption tool that helps protect data from being accessed by the wrong party. The data is scrambled it in a way that only your credentials can read. This is the core technology implemented on every employee Windows PC across campus. Bitlocker To Go is the portable version of this technology that extends to peripheral equipment such as thumb drives, flash drives, external hard drives, SD/XD/SSD/Mini/Micro/CF cards, cameras that connect via USB, scanners, and every attachable device that is capable of storing data. Basically, Bitlocker To Go allows us to password protect the removable devices that are the most likely to contain university data. |
| + | |||
==Why is Bitlocker being enforced?== | ==Why is Bitlocker being enforced?== | ||
| − | Every year the university and its employees purchase dozens if not hundreds of external storage devices that are for all intents and purpose disposable. | + | Every year the university and its employees purchase dozens (if not hundreds) of external storage devices that are, for all intents and purpose, disposable. These storage devices have become quite large in capacity and are capable of storing significant quantities of sensitive university data. At the same time, annual Business Office audits have shown that many employees are not capable of accounting for these devices during audits. Requiring Bitlocker To Go ensures data being copied off of WSU computers remains in a protected state. This risk mitigation control reduces the requirement for the university to do asset tracking and inventory control on low cost storage devices. The implementation of this technology not only significantly reduces the risk of losing university data, but also reduces costs associated with tracking and securely disposing of the devices themselves. |
==Will it impact me?== | ==Will it impact me?== | ||
| − | + | '''Bitlocker To Go will likely not impact most employees.''' | |
| − | * First, it is currently only being deployed to Windows based computers that have access to classified university data. | + | * First, it is currently only being deployed to Windows-based computers that have access to classified university data. |
| − | * Second, it will only impact you if you use removable storage devices, which most employees do not use. | + | * Second, it will only impact you if you use removable storage devices (like a flash drive), which most employees do not use. |
| − | * Third, it will only impact you if you need to WRITE data to these devices. | + | * Third, it will only impact you if you need to '''WRITE''' data to these devices. If you only need to '''read''' data from external devices, Bitlocker To Go does not need to be enabled. Remember, WSU recommends using network storage (i.e. your R drive, department storage, or WSU OneDrive) and not removable media such as flash drives or external hard drives. These types of devices are both expensive and easily lost. |
| − | * Fourth, | + | * Fourth, Bitlocker technology is very stable and has been thoroughly adopted and tested across almost every industry. WSU has used Bitlocker on our Windows PCs with great success for well over a decade. |
==How will it impact me if I do use removable storage?== | ==How will it impact me if I do use removable storage?== | ||
| − | In the event your job requires the use of removable media | + | In the event your job requires the use of removable media, Bitlocker To Go will require those drives to be encrypted '''PRIOR''' to you putting data on them. For example, if you plug in a USB storage device, open the device in Windows Explorer, then right-click and try to paste data into the drive: |
| − | 1. Sorry, you can’t copy files to this without Bitlocker being enabled. | + | 1. Sorry, you can’t copy files to this without Bitlocker being enabled. Would you like to enable it? |
| − | 2. | + | 2. If you click NO then all you can do is read the contents of the drive. Click Yes and it will walk you through the steps to put a password on the external device. This password must meet the same minimum complexity requirements as your StarID password. Try to include at least one uppercase, lowercase, numeric, and special character, and use a password that is eight characters or more. |
| − | 3. The next time that drive is plugged into a computer, it will prompt for | + | 3. The next time that drive is plugged into a computer, it will prompt for the password to unlock it. If this is your primary computer, you can choose to remember the password and it will never prompt again. If this is your home computer, just enter the password and it will open and look normal. ** special software is available to open these secure drives on a Mac ** |
| − | == | + | ==Setting up Bitlocker To Go== |
| − | ''' | + | '''This is the first thing the user will see when plugging in a USB device that requires Bitlocker encryption''' |
| + | |||
| + | User may see the following dialog box. | ||
| − | + | If “Don’t encrypt this drive” is chosen, then the drive will be read-only and the user will be unable to save data to the device. | |
[[File:BitLockerToGo1.png|400px]] | [[File:BitLockerToGo1.png|400px]] | ||
| + | If "Encrypt this drive using BitLocker Drive Encryption" is chosen, the BitLocker process will begin. | ||
| − | + | [[File:BitLockerToGo2.png|400px]] | |
| − | |||
| − | |||
| + | Password creation is required to continue. | ||
| + | This password must meet the same minimum complexity requirements as your StarID password. Try to include at least one uppercase, lowercase, numeric, and special character, and use a password that is eight characters or more. | ||
| − | + | If the password does not meet these requirements, users may be presented with one of the following error messages. | |
[[File:BitLockerToGo3.png|400px]] | [[File:BitLockerToGo3.png|400px]] | ||
| Line 36: | Line 40: | ||
| − | + | Once an acceptable password is entered, a secondary backup method is required to save the Bitlocker recovery key that can be used if a user forgets their flash drive encryption password. WSU automatically stores this info on Winona State University's Active Directory server, so the backup copy you're saving is yours to use if you forget the password on the external storage device. It is '''highly recommended to choose “Save to a file”''' then save the file to your personal R drive on the network. After that, simply click '''Next.''' | |
| − | |||
| − | Once an acceptable password is entered, a backup method is required. | ||
| − | '''Note:''' The drive should not | + | '''Note:''' The drive should not be encrypted until the computer can access the WSU network by being on campus or by connecting via [[VPN]]. This ensures that the key is properly backed up. |
[[File:BitLockerToGo5.png|400px]] | [[File:BitLockerToGo5.png|400px]] | ||
| + | Final check, and encryption begins. | ||
| − | |||
'''Note:''' Only the used space on the drive is encrypted. This greatly decreases the amount of time needed to encrypt. | '''Note:''' Only the used space on the drive is encrypted. This greatly decreases the amount of time needed to encrypt. | ||
| Line 52: | Line 54: | ||
[[File:BitLockerToGo7.png|400px]] | [[File:BitLockerToGo7.png|400px]] | ||
| − | + | ==How Do I Tell if my USB Drive is Locked or Unlocked?== | |
| − | |||
| − | == | ||
[[File:BitLockerToGo8.png|400px]] | [[File:BitLockerToGo8.png|400px]] | ||
'''Locked''' | '''Locked''' | ||
| − | + | When you insert the drive you may be prompted to unlock it with the password you created. | |
| − | |||
| − | When you insert the drive you | ||
| − | |||
[[File:BitLockerToGo9.png|400px|]] | [[File:BitLockerToGo9.png|400px|]] | ||
| Line 70: | Line 67: | ||
[[Bitlocker Encryption (PC)]] | [[Bitlocker Encryption (PC)]] | ||
| + | [https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-overview Microsoft - What is Bitlocker?] | ||
| + | |||
| + | [https://www.pcworld.com/article/2308725/encryption/a-beginners-guide-to-bitlocker-windows-built-in-encryption-tool.html PC World - a Beginner's Guide to Bitlocker] | ||
[[Category:Security]][[Category:Software]][[Category:Faculty]][[Category:Staff]] | [[Category:Security]][[Category:Software]][[Category:Faculty]][[Category:Staff]] | ||
Latest revision as of 20:19, 20 December 2017
What is Bitlocker To Go?
Bitlocker is the built-in Windows encryption tool that helps protect data from being accessed by the wrong party. The data is scrambled it in a way that only your credentials can read. This is the core technology implemented on every employee Windows PC across campus. Bitlocker To Go is the portable version of this technology that extends to peripheral equipment such as thumb drives, flash drives, external hard drives, SD/XD/SSD/Mini/Micro/CF cards, cameras that connect via USB, scanners, and every attachable device that is capable of storing data. Basically, Bitlocker To Go allows us to password protect the removable devices that are the most likely to contain university data.
Why is Bitlocker being enforced?
Every year the university and its employees purchase dozens (if not hundreds) of external storage devices that are, for all intents and purpose, disposable. These storage devices have become quite large in capacity and are capable of storing significant quantities of sensitive university data. At the same time, annual Business Office audits have shown that many employees are not capable of accounting for these devices during audits. Requiring Bitlocker To Go ensures data being copied off of WSU computers remains in a protected state. This risk mitigation control reduces the requirement for the university to do asset tracking and inventory control on low cost storage devices. The implementation of this technology not only significantly reduces the risk of losing university data, but also reduces costs associated with tracking and securely disposing of the devices themselves.
Will it impact me?
Bitlocker To Go will likely not impact most employees.
- First, it is currently only being deployed to Windows-based computers that have access to classified university data.
- Second, it will only impact you if you use removable storage devices (like a flash drive), which most employees do not use.
- Third, it will only impact you if you need to WRITE data to these devices. If you only need to read data from external devices, Bitlocker To Go does not need to be enabled. Remember, WSU recommends using network storage (i.e. your R drive, department storage, or WSU OneDrive) and not removable media such as flash drives or external hard drives. These types of devices are both expensive and easily lost.
- Fourth, Bitlocker technology is very stable and has been thoroughly adopted and tested across almost every industry. WSU has used Bitlocker on our Windows PCs with great success for well over a decade.
How will it impact me if I do use removable storage?
In the event your job requires the use of removable media, Bitlocker To Go will require those drives to be encrypted PRIOR to you putting data on them. For example, if you plug in a USB storage device, open the device in Windows Explorer, then right-click and try to paste data into the drive: 1. Sorry, you can’t copy files to this without Bitlocker being enabled. Would you like to enable it? 2. If you click NO then all you can do is read the contents of the drive. Click Yes and it will walk you through the steps to put a password on the external device. This password must meet the same minimum complexity requirements as your StarID password. Try to include at least one uppercase, lowercase, numeric, and special character, and use a password that is eight characters or more. 3. The next time that drive is plugged into a computer, it will prompt for the password to unlock it. If this is your primary computer, you can choose to remember the password and it will never prompt again. If this is your home computer, just enter the password and it will open and look normal. ** special software is available to open these secure drives on a Mac **
Setting up Bitlocker To Go
This is the first thing the user will see when plugging in a USB device that requires Bitlocker encryption
User may see the following dialog box.
If “Don’t encrypt this drive” is chosen, then the drive will be read-only and the user will be unable to save data to the device.
If "Encrypt this drive using BitLocker Drive Encryption" is chosen, the BitLocker process will begin.
Password creation is required to continue.
This password must meet the same minimum complexity requirements as your StarID password. Try to include at least one uppercase, lowercase, numeric, and special character, and use a password that is eight characters or more.
If the password does not meet these requirements, users may be presented with one of the following error messages.
Once an acceptable password is entered, a secondary backup method is required to save the Bitlocker recovery key that can be used if a user forgets their flash drive encryption password. WSU automatically stores this info on Winona State University's Active Directory server, so the backup copy you're saving is yours to use if you forget the password on the external storage device. It is highly recommended to choose “Save to a file” then save the file to your personal R drive on the network. After that, simply click Next.
Note: The drive should not be encrypted until the computer can access the WSU network by being on campus or by connecting via VPN. This ensures that the key is properly backed up.
Final check, and encryption begins.
Note: Only the used space on the drive is encrypted. This greatly decreases the amount of time needed to encrypt.
How Do I Tell if my USB Drive is Locked or Unlocked?
Locked
When you insert the drive you may be prompted to unlock it with the password you created.
Unlocked