I’ve been a huge fan of the BitLocker Drive Encryption feature in Windows desktop and server machines. I have enabled BitLocker on all of my desktop, mobile, and server computers, plus external drives. I’ve enabled encryption to help ensure that the data remains safe in the event that the drives are lost or stolen. From my informal testing, I’ve seen minimal overhead related to encryption, and have experienced very few drawbacks.
One potential issue is the process of encrypting a new drive or device. In earlier versions of BitLocker, the feature required the entire hard drive to be encrypted. That includes the free space. I recently purchased a 3TB USB 3.0 drive and noticed that, from my Windows 7 workstation, the process would take 20+ hours to complete (on a completely blank drive). Fortunately, I realized that Windows 8 includes an enhancement that allows you to choose to encrypt only the used space on the drive?
The results? Encrypting an empty 3TB from a Windows 8 machine (using a USB 2.0) connection took around a minute or so. Now, I can connect it back to my Windows 7 workstation (all versions of BitLocker are cross-compatible), and start copying the data to the drive. It’ll encrypt on the fly and will save many hours of needless overhead. You can also use this approach for internal drives, though the hassle of removing and unlocking those might negate the performance improvement.
This is just one small part of the overall improvements to BitLocker in Windows 8 and Windows Server 2012. For more information, see the Windows Security article series BitLocker Enhancements in Windows Server 2012 and Windows 8. It includes an in-depth look at how you can use these features on your servers, and how you can enable BitLocker for Cluster Shared Volumes (CSVs) and manage disk encryption throughout your environment.
Just a little tip, for those of us who are still on Windows 7 but would like to take advantage of faster encryption.