Why you should be using BitLocker on your servers
In Windows Vista we introduced “BitLocker” to Windows – a native full disk encryption technology for Windows. Most people immediately saw the potential for BitLocker on laptops. Encrypting your laptop meant that if you were ever unfortunate enough to lose your laptop (through theft or forgetfulness) you would not have to worry about someone else getting access to your data.
But today I would like to explain to you why you want to use BitLocker on your servers too. All of your servers.
Recently, I had a hard disk fail in one of my servers. This happens from time to time, and thanks to RAID it was not a big deal. I just bought a new drive, popped out the old drive, put in the new one, rebuilt the array and I was off and running.
But now I have a problem: what do I do with the old drive?
It’s broken. So broken that it is hard to delete the data that is on there – but there is data on there nonetheless. And despite how unlikely it is that anyone will ever look at it – I am not entirely comfortable with just dropping it in the trash. Personally, I have had the experience of connecting a broken drive that had been sitting on the shelf for a couple of months and finding that it would work for a couple of hours before failing again. It is plausible to imagine that someone might find my old drive and hook it up just to see if it worked.
So how do I get rid of that data?
Drives these days are quite hard to destroy. I have tried to pull them apart manually, I have hit them with a hammer, I have even driven a car over one. They are surprisingly rugged. You could sit magnets on them – but you won’t know how effective it has been. Microwaving the drive should be quite good – but would probably damage the microwave as well. Besides, there is a much simpler solution: use BitLocker.
Once you have enabled BitLocker on a server – your data is now protected, even if the disk fails. Especially when the disk fails. With BitLocker on you can take that failed hard disk and drop it in the bin with no concern of anyone ever getting data off of it.
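A discarded disk is only safe if its volumes were fully encrypted, with protection turned on, at the moment the disk failed. The following PowerShell check is an added example, not part of the original post: `Get-UnprotectedVolume` is a hypothetical helper name, and it relies on the `Get-BitLockerVolume` cmdlet from the BitLocker module, run from an elevated session.

```powershell
# Added example: report volumes whose data would be readable on a discarded disk.
# Get-UnprotectedVolume is a hypothetical helper, not a built-in cmdlet.
function Get-UnprotectedVolume {
    param(
        # Objects shaped like Get-BitLockerVolume output; defaults to the local server.
        [object[]]$Volume = (Get-BitLockerVolume)
    )

    foreach ($v in $Volume) {
        $reasons = @()

        # Anything other than FullyEncrypted means plaintext sectors may remain.
        if ("$($v.VolumeStatus)" -ne 'FullyEncrypted') {
            $reasons += "VolumeStatus is $($v.VolumeStatus) " +
                        "($($v.EncryptionPercentage)% encrypted)"
        }

        # Protection Off covers suspended BitLocker, where the volume key
        # is stored unprotected on the disk itself.
        if ("$($v.ProtectionStatus)" -ne 'On') {
            $reasons += "ProtectionStatus is $($v.ProtectionStatus)"
        }

        # An encrypted volume with no key protectors is not protected at all.
        if (@($v.KeyProtector).Count -eq 0) {
            $reasons += 'no key protectors configured'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                MountPoint = $v.MountPoint
                VolumeType = $v.VolumeType
                Reasons    = $reasons -join '; '
            }
        }
    }
}

$findings = @(Get-UnprotectedVolume)
if ($findings.Count -eq 0) {
    Write-Output 'All volumes are fully encrypted with protection on.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it before a disk fails, since a dead drive cannot be checked afterwards.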