A lot of users don't really place a value on their data. No matter how important those data may seem, many will inevitably treat them with the same precaution as they would with their music and photo. That would be none in case you are wondering. Toss those important data on removable storage devices and you have a even bigger issue. You would think that users will be wise to secure those devices for fear of losing them but sadly, the exact opposite holds true in most cases. The user believes, as with laptops, that the chances of them losing the removable device or having it accessed by people other then themselves are small. The sky's blue, the world's spinning, the birds are chirping and all seems to be well, until that dreadful day comes when the thing you thought couldn't happen, has happened. You lose the device and heaven forbid, someone who shouldn't have access to your files have. Well, this is where Bitlocker To Go comes into play.
For those who don't know, Bitlocker is a Microsoft hard drive encryption technology. It can be deployed on both desktop and laptop systems. Basically, it prevents a stolen computer hard drive from being accessed offline by the attackers. In other words, they simply can't just physically yank out the hard drive (or boot the stolen computer via a rescue CD/DVD), stick it into another machine and then access the data. I wrote how to deploy Bitlocker in this article. With the rise in popularity (the cheap price tag doesn't hurt as well) of removable storage devices such as USB thumb drives, it's common sense that these devices need to be secured as well. A simple USB thumb drive can hold massive amounts of data and if you use it to store sensitive information, you best believe there is a chance you might someday lose that device. For example, I have a little USB storage device that is about half a inch in size and can store about 8GB of data. It's scary how such a little device can have the potential to hold so much information. With the introduction of Bitlocker To Go in Windows 7, we can now easily protect these removable storage devices so in the event that they do fall into the wrong hands, we can rest a little easier knowing that the data is going to be a lot more harder to get in to.
Things You Need To Know First...
1. Only Windows 7 Enterprise and Ultimate have the ability to deploy the Bitlocker technology.
2. Your removable storage device must be formatted with the FAT file system (usually FAT32) if you want to access the Bitlocker To Go drive on a operating system other than Windows 7 (Vista, XP, etc). However, you only have read-access to the drive when your removable device is used in those older environments. If you want both read and write access to the drive, you must stick the device in a Windows 7 operating system.
3. There is no Bitlocker 'backdoor'. If you forget your password along with the recovery key, you can kiss your data on the drive goodbye. Also, having Bitlocker applied to your drive does not make it entirely invincible. You'll still want to practice physical security and make sure the drive is with you at all times. Bitlocker To Go is just an added layer of protection in case you do lose the drive. If the attacker can somehow guess your Bitlocker To Go Password, then it's game over.
Applying Bitlocker To Go
1. Simply insert your thumb drive into your computer and look for it in Computer. Just to be on the safe side, if there are any contents on the drive, copy it over to your desktop. Obviously if there is a large amount of content, then that might not be possible. You could just make a copy of your utmost important files to backup instead. Once Bitlocker To Go has been successfully applied, you can then move them back. Now, right click on the drive and select 'Turn on Bitlocker'. Immediately, Bitlocker will begin preparing your drive.
2. Next you'll have two options on how you'll want to unlock your encrypted drive. You can either use a password or choose to go with a multi-factor authentication with a smart card along with a PIN. The latter option is mainly used in business environments so if you are a casual user, you'll definitely want to select just the password option. Here, you'll want to make sure that you use a secure password/passphrase because if you make a very short or easy to guess password, chances are the hacker or data thief will also be able to guess it. Remember, the only thing standing between your data and the thief is this one password so please make sure it is hard to guess for others, but easy for you to remember.
3. Next, you'll be required to save and/or print your Bitlocker To Go recovery key for this drive. In the event that you forget your password, you will need to use the recovery key to get back inside your encrypted drive. If you don't remember your password and don't have access to the recovery key, you will be locked out of your own drive. I cannot stress enough how important it is for you to print or save the recovery key and store it in a safe yet easy to remember place.
4. Once that step is completed, you'll be given the final warning from Bitlocker. It will ask you if you are sure you want to encrypt the drive. At this point, it is wise to make sure that if you want to use the drive in older operating system environments, check to see if the drive has been formatted for FAT32. After you have made sure everything is in place (there's not much actually) hit the 'Start Encrypting' button to begin the process. The encryption process will take a while and will take even longer if you have a large capacity storage device so plan ahead. Once the encryption process starts, you will only be able to pause the process, not cancel it. As a warning, DO NOT remove the device until the entire encryption process has completed. Doing so will no doubt cause damage to the device. If you are performing the process on a laptop, make sure you plug in the power adapter in case your battery goes out during the encryption process.
Accessing The Drive
Once the encryption process has finished, it is now ready for use.
When you now want to open the drive, you'll be greeted with a password prompt. This is the password you created in step 2 earlier in the process. Under Windows 7, you'll notice that the prompt also have a 'I forgot my password' link. You will need to click on this link to type in your recovery password in the event you forget your access password. If you forget your password and don't have access to your recovery file, then there really isn't anything I can do to help you at this point. You will also notice the 'Automatically unlock on this computer' option. By turning this on, you will bypass the need to type in the password whenever you access the device on that computer. When you move the device to another computer, you will see the password prompt once again. I normally wouldn't recommend this option because by not having the requirement to type in your password, there is a bigger chance that you'll actually forget the password at a later date when you need to access the drive at another computer.
One you have typed in the password correctly, you will then have access to the drive like how you normally would.
When accessing the drive under Windows XP or Vista, the procedure is similar but the end result is a little bit different. If you have the AutoPlay option turned on (I highly recommend that you don't), you'll see a familiar dialog box as seen below:
The Bitlocker To Go Reader is a mini application that actually provides the backward compatibility under these older operating systems. Once you select that option, then you will be presented with the similar password prompt dialog box. Once again, type in the password to access the drive.
Once you are in, you'll notice a slightly different interface. Rather than using Windows Explorer, Bitlocker is actually using the Bitlocker To Go Reader application interface. There really isn't much to it other than the fact that it will present you with all of your files on the removable storage device.
When you try to double click on a file with the application to open it, you will be presented with a dialog box tell you that you must first copy the files to your local Desktop first before you can access them. This is so because Bitlocker To Go does not allow you the capability to write or make any changes to the drive while it is being accessed under a operating system other than Windows 7. To bypass this message, you can simply just drag and drop the files you want to use onto your Desktop and then opening them from there.
If you try to drag a file into the Reader application, which in essence you are trying to write to the drive, you will be presented with a nasty error message. Not being able to write to the drive under XP or Vista is a obvious drawback but I'm sure there is a legitimate security reason for doing so. That or Microsoft just wants to give you another reason to switch over to Windows 7!
If you want a little more control over Bitlocker To Go (for example, if you are planning to deploy it in a business environment), then you'll want to look over the group policy settings pertaining to Bitlocker To Go at Computer Configuration -> Policies -> Administraive Templates -> Windows Components -> Bitlocker Drive Encryption -> Removable Data Drives.
Also, if for some strange reason that the Bitlocker To Go Reader application is not present, you can grab it here from Microsoft's website.
In The End...
Utilizing Bitlocker To Go is as simple as it can get. In today's modern world, information is the key to everything. We need a way to simply protect our data and information when on the go just as we do when that same data is sitting in a server at your office. With Bitlocker To Go, we have just that protection. We need to understand that while we may like to think we wouldn't lose our removable storage devices (since it contains sensitive information), nothing is guaranteed in life and we need a contingency plan. By turning on Bitlocker on our removable storage devices, we have just made the life of the bad guys that much more difficult. Typing in a password everytime to access your sensitive material can seem like a hassle at first but you have to remember that when security is involved, there is usually a compromise between security and usability. As with all things in life, we just have to adjust to it.
