BitLocker Encryption in Vista: good for mobile PCs, bad for dual-booting

I just missed a Vista beta chat on BitLocker, but it reminded me to share a few thoughts on this encryption scheme simply because I don’t think most people have followed what it is and what it’s for. A good portion of the public is wondering "Why upgrade to Vista?" and I think BitLocker is a compelling reason; certainly not by itself, but let’s do a quick "BitLocker 101" so you can judge for yourself.

In my full-time career, I do I.T. work in the health-care industry, which is heavily regulated in terms of data privacy. Aside from the Sarbanes-Oxley Act that most (if not all) corporations abide by, the health-care industry must comply with HIPAA, the Health Insurance Portability and Accountability Act. There is a great deal of personal data in health care, and it is of paramount importance to maintain and use it carefully.

That’s an extreme example, so let’s ratchet down to you as a mobile computing individual. What kinds of data do you store that you don’t want falling into the wrong hands? How would your data be protected if your Tablet PC or notebook were stolen? Enter BitLocker encryption in certain versions of Microsoft Windows Vista.

Rather than hash out all of the technical details, here are a few Microsoft statements on BitLocker:

  • BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive.

  • BitLocker also enhances data protection by bringing together two major sub-functions: full drive encryption and the integrity checking of early boot components.

  • Drive encryption protects data by preventing unauthorized users from breaking Windows file and system protection on lost or stolen computers. This protection is achieved by encrypting the entire Windows volume. With BitLocker, all user and system files are encrypted, including the swap and hibernation files.

  • BitLocker offers the option to lock the normal boot process until the user supplies a PIN, much like an ATM card PIN, or inserts a USB flash drive that contains keying material. These added security measures provide multi-factor authentication and assurance that the computer will not boot or resume from hibernation until the correct PIN or USB flash drive is presented.

Microsoft has a great FAQ section on BitLocker encryption, so consider giving it a read. Since at this time it appears that BitLocker functionality will only be in the Enterprise and Ultimate editions of Vista, this could influence your choice of which version to purchase if you decide you need this kind of data protection.

Of course, with the positives there is always a trade-off. Apparently what protects your data could also prevent you from easily dual-booting your system. For me, the data protection is worth far more than the ability to dual boot.