Secure portable drives with BitLocker To Go

Derek Schauland, Cloud Architect
I am a Cloud Architect, technical writer, and documentation aficionado with a strong focus in Microsoft Azure.
USB flash drives appear to be all the rage these days. From schools to businesses, more and more people are carting their data around on key-ring-sized media.  What happens, though, if the USB devices are lost or stolen?  Their small size makes this a true possibility.

I guess the bigger question is how you or your organization would handle a lost or stolen USB flash drive.  Sure, a new drive could be acquired, but the information on the drive is in the hands of whoever found it or the thief who made off with the device.

In Windows 7, Microsoft has expanded BitLocker, which was introduced with Windows Vista as a means to secure important information.  The application now allows USB drives to be encrypted using BitLocker technology (called BitLocker To Go), from then on requiring a smart card/PIN combination or a password to access the information on the drive.

Note: BitLocker can be customized by the owner of the flash drive to automatically unlock on a specified computer.  That way the data can be encrypted on your child's flash drive, but they won't need to enter the password every time they connect to the home PC.

What BitLocker brings to the table

Microsoft's BitLocker technology is available in the higher-end SKUs of Windows Vista (Enterprise/Business/Ultimate), and the same will likely be true for Windows 7.  This means that not everyone will be able to make use of the encryption technology, either because the version of Windows they have doesn't support it or because the price to upgrade is simply too steep.

Using BitLocker will allow all of the files on a device to be encrypted so only the individual who encrypted the device (or has the credentials) can access the files contained on it.  To me this is amazing technology. Sure, there are other applications that are free of charge that do the same thing as BitLocker (TrueCrypt), but for many, if it is in the box it might be more likely to get used.  BitLocker will allow me to be less worried about the data I store on a flash drive being taken or lost.

If I store all my personal documents on a USB stick, which I usually do, and it isn't encrypted, anyone can get to the information on the device.  In business situations, more and more employees are using flash drives to take work home and keep important information; however, if they lose it or the kids discover it and overwrite it, the data on the drive may be lost or inaccessible.

Encrypting the device with BitLocker will take a few minutes, and you will be asked to save your key on your laptop.  The encryption key will be needed as part of a key pair to decrypt the content of the drive when it is plugged in.

Setting up BitLocker To Go in Windows 7 works as follows:
Click the Start button
Insert the USB flash drive to be encrypted
In the search box, enter BitLocker (shown in Figure A below)
Figure A

Select BitLocker Drive Encryption
Highlight the drive you wish to encrypt and select Turn on BitLocker (Figure B below)
Figure B

Choose the method by which you wish to unlock your encrypted drive, using a password or a smart card and PIN (shown in Figure C), and click Next
Figure C

The wizard will then ask you if you want to save the encryption key to a file or print it. Microsoft suggests doing both.

Figure D

Figure E

Once you have saved or printed your encryption key, you are ready to encrypt the contents of the drive.  Click the Begin Encryption button to start the process.

While encryption begins you should not remove your external drive from your computer.  Once the process gets going, you can pause the encryption and safely remove your device.  If you need to remove your USB device during encryption, make sure you pause the process first.

The progress bar will show how far along the encryption process is and upon completion simply ask you to close the wizard.

From this point forward, when you insert the drive you will be asked to provide a password or smart card authentication to access the drive, shown in Figure G.

Figure G
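
The same steps can be scripted with manage-bde, the command-line tool included with Windows 7. The script below is an added example, not part of the original article; the drive letter E:, the recovery file path and the -AutoUnlock switch are assumptions for illustration, and it must be run from an elevated PowerShell prompt.

```powershell
# Added example: command-line equivalent of the BitLocker To Go wizard.
param(
    [string]$Drive = 'E:',                                                # assumed USB drive letter
    [string]$RecoveryFile = "$env:USERPROFILE\Documents\usb-recovery.txt", # assumed output path
    [switch]$AutoUnlock                                                    # mirrors the auto-unlock note
)

# Only touch removable media (Win32_LogicalDisk DriveType 2).
# External hard disks usually report DriveType 3 and are rejected here.
$disk = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$Drive'"
if (-not $disk -or $disk.DriveType -ne 2) {
    throw "$Drive is not a removable drive; nothing was changed."
}

# The recovery information must not live on the drive it unlocks.
if ([IO.Path]::GetPathRoot($RecoveryFile).TrimEnd('\') -ieq $Drive) {
    throw 'Save the recovery file somewhere other than the drive being encrypted.'
}

# Add a password protector (manage-bde prompts for it) and a numerical
# recovery password, then start encrypting the volume.
manage-bde -on $Drive -Password -RecoveryPassword
if ($LASTEXITCODE -ne 0) { throw "manage-bde -on failed with exit code $LASTEXITCODE" }

# Equivalent of "save the key to a file": record the key protectors,
# including the recovery password, and store or print this file securely.
manage-bde -protectors -get $Drive | Out-File -FilePath $RecoveryFile -Encoding ASCII

# Optional: unlock automatically on this computer only.
if ($AutoUnlock) { manage-bde -autounlock -enable $Drive }

# Show encryption progress. To remove the drive before it finishes, run
# "manage-bde -pause $Drive" first and "manage-bde -resume $Drive" later.
manage-bde -status $Drive
```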

Using BitLocker To Go to protect your organization's files stored on USB disks can be a tremendous help when it comes to keeping documents secure.  For IT administrators and business owners, knowing that something is being done to ensure the security of traveling data is a step in the right direction.  While the best thing to do would be to control distribution of USB drives and only provide them when they can be controlled, BitLocker encryption can help keep documents that do leave the building safe from prying eyes.
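
For administrators who want to check that drives in use are actually protected, the following added example (not part of the original article) lists each removable drive on a computer with its BitLocker protection status and key protector types. It reads the Win32_EncryptableVolume WMI class, needs an elevated PowerShell prompt, and the function name and output columns are my own choices.

```powershell
# Added example: audit removable drives for BitLocker protection.
$ns = 'root\CIMV2\Security\MicrosoftVolumeEncryption'

# Value codes documented for Win32_EncryptableVolume.
$statusNames    = @{ 0 = 'OFF'; 1 = 'ON'; 2 = 'UNKNOWN (possibly locked)' }
$protectorNames = @{ 2 = 'External key'; 3 = 'Recovery password';
                     7 = 'Certificate (smart card)'; 8 = 'Password' }

function Get-RemovableDriveProtection {   # hypothetical function name
    # DriveType 2 = removable disk (USB flash drives).
    Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=2' | ForEach-Object {
        $disk = $_
        $vol = Get-WmiObject -Namespace $ns -Class Win32_EncryptableVolume `
                   -Filter "DriveLetter='$($disk.DeviceID)'"

        $status = 'No BitLocker volume information'
        $protectors = @()
        if ($vol) {
            $status = $statusNames[[int]$vol.ProtectionStatus]
            # 0 = return protectors of every type; drop empty results.
            $ids = @($vol.GetKeyProtectors(0).VolumeKeyProtectorID | Where-Object { $_ })
            foreach ($id in $ids) {
                $type = [int]$vol.GetKeyProtectorType($id).KeyProtectorType
                if ($protectorNames.ContainsKey($type)) { $protectors += $protectorNames[$type] }
                else { $protectors += "Type $type" }
            }
        }

        New-Object PSObject -Property @{
            Drive      = $disk.DeviceID
            Label      = $disk.VolumeName
            Protection = $status
            Protectors = ($protectors -join ', ')
        }
    }
}

Get-RemovableDriveProtection | Sort-Object Drive |
    Format-Table Drive, Label, Protection, Protectors -AutoSize
```

A status of OFF covers drives that are unencrypted, only partially encrypted, or whose key is stored in the clear; a drive with no recovery password protector listed has no fallback if the password is forgotten.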

Comments (1)

The only setback I encounter with this wonderful feature is that you cannot add files if you are using it on another computer which is not Windows 7.  So let's say I have my work thumb drive, and I go later to class and I decide to use it to store my new assignment, then I find out it doesn't let me add any files to it. What a bummer.  If you could add files after unlocking, it would be awesome.
