November 08, 2012, 3:27 PM — Encryption can be a bit of a double-edged sword for organizations. It is an effective and essential tool for protecting sensitive data, but it often comes with a healthy side of user confusion and help desk calls. Microsoft hopes to simplify the process of implementing and managing BitLocker data encryption with the launch of Microsoft BitLocker Administration and Management (MBAM) 2.0 Beta 2.
A Windows for Your Business blog post announcing MBAM 2.0 Beta 2 points out that many states have data breach legislation in place, and that the penalties associated with failing to protect data can get quite costly. "I think this proves that the rules and stakes for data security are rapidly changing and there couldn't be a more important time to ensure your understanding of data breach laws, and protect your corporate and customer data from the ramifications of a potential breach."
BitLocker encryption has been around in some form or another since the launch of Windows Vista. It is an effective means of protecting data, but can be a major headache to manage--especially for small and medium businesses that generally have fewer dedicated IT resources.
MBAM 2.0 is part of the Microsoft Desktop Optimization Pack. The new versions builds on MBAM 1.0 in an effort to streamline provisioning of BitLocker encryption, reduce support calls and costs, simplify management, and improve compliance reporting.
BitLocker encryption relies on a TPM (Trusted Platform Module) chip on the PC being encrypted. It's possible to change BitLocker policies to work without a TPM, but BitLocker expects to find a TPM by default.
When users encrypt their own devices, the process can be confusing or intimidating. The process requires system reboots, and the user may be confronted with an ominous-sounding message forcing them to either call the help desk or cancel out of the encryption process.
Windows 8 is able to work more closely with the TPM. Organizations with MBAM 2.0 and Windows 8 PCs can allow users to encrypt their own devices without the fuss and complexity of dealing with the TPM.