Encryption can be a bit of a double-edged sword for organizations. It is an effective and essential tool for protecting sensitive data, but it often comes with a healthy side of user confusion and help desk calls. Microsoft hopes to simplify the process of implementing and managing BitLocker data encryption with the launch of Microsoft BitLocker Administration and Management (MBAM) 2.0 Beta 2.
A Windows for Your Business blog post announcing MBAM 2.0 Beta 2 points out that many states have data breach legislation in place, and that the penalties associated with failing to protect data can get quite costly. "I think this proves that the rules and stakes for data security are rapidly changing and there couldn't be a more important time to ensure your understanding of data breach laws, and protect your corporate and customer data from the ramifications of a potential breach."
BitLocker encryption has been around in some form or another since the launch of Windows Vista. It is an effective means of protecting data, but can be a major headache to manage--especially for small and medium businesses that generally have fewer dedicated IT resources.
MBAM 2.0 is part of the Microsoft Desktop Optimization Pack. The new versions builds on MBAM 1.0 in an effort to streamline provisioning of BitLocker encryption, reduce support calls and costs, simplify management, and improve compliance reporting.
BitLocker encryption relies on a TPM (Trusted Platform Module) chip on the PC being encrypted. It's possible to change BitLocker policies to work without a TPM, but BitLocker expects to find a TPM by default.
When users encrypt their own devices, the process can be confusing or intimidating. The process requires system reboots, and the user may be confronted with an ominous-sounding message forcing them to either call the help desk or cancel out of the encryption process.
Windows 8 is able to work more closely with the TPM. Organizations with MBAM 2.0 and Windows 8 PCs can allow users to encrypt their own devices without the fuss and complexity of dealing with the TPM.
MBAM 1.0 included a Recovery Portal that the help desk could use for PIN resets, and BitLocker recovery issues, but it still required that the user call the help desk for assistance. MBAM 2.0 provides users with a Self Service Portal.
There are still issues that may arise where users will need to escalate to the help desk for support, but the MBAM 2.0 Self Service Portal should minimize support calls, and reduce support costs. Users can easily acquire a BitLocker Recover Key or reset a forgotten BitLocker PIN.
System Center Integration
IT admins generally have a lot on their proverbial plate. Anything that can be done to streamline monitoring and management of IT resources makes IT admins lives easier, and frees them up to focus on more crucial matters. For organizations that use Microsoft System Center Configuration Manager, MBAM 2.0 does just that.
MBAM 1.0 was a standalone tool that added one more thing for IT admins to monitor. MBAM 2.0 integrates with Microsoft System Center Configuration Manager 2007 or 2012 to enable organizations to manage BitLocker using the console they're already using to monitor and maintain the rest of the infrastructure.
One advantage of integrating MBAM 2.0 with System Center Configuration Manager is that BitLocker encryption compliance reports can be generated and viewed through the Configuration Manager console.
Microsoft also made some subtle changes in how compliance is reported with MBAM 2.0. MBAM 1.0 reported any difference in configuration as non-compliant, but MBAM 2.0 is smart enough to realize if a device actually has better security that exceeds the policy requirements, and not flag it. MBAM 2.0 also streamlines how data is presented in compliance reports to make it easier to distill relevant information.
Data breaches are costly, and it's crucial for organizations to use disk encryption to protect sensitive information--especially on mobile PCs. MBAM 2.0 makes it easier for organizations to implement and manage BitLocker to ensure data is secure.
You can download MBAM 2.0 Beta 2 now and test it out.