bisselltechs
asked on
Bitlocker AND EFS, or Bitlocker OR EFS?
I am researching implementing encryption in our enterprise. I am trying to understand how EFS and Bitlocker work together or sepoerately. In a case where your primary goal is to protect data, would you need both EFS and Bitlocker? If you encrypt the whole drive with Bitlocker, why would you still need the EFS system with all of the user interferance? When would you want to have both? Or is Bitlocker just the newer version/replacement product for encryption through Microsoft?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Basically yes... EFS is "seemless" encryption, and if someone stole the LT while it was turned on and the screen did not lock, they could view/copy the EFS files as long as you were logged on still. Even though the drive is encrypted, while the OS is running, it looks like plain-text so again in that situation neither solution protects you. If the files of importance were kept inside an encrypted container like a password protected zip file or truecrypt container, then that data is more secure than using EFS or HD encryption, that is in that situation where the LT is stolen out of your hands or after you walked away for a minute and it is logged in.
-rich
-rich
Also EFS has a few other flaws: https://www.experts-exchange.com/articles/Security/Encryption/Microsofts-Encrypted-FileSystem.html
-rich
-rich
ASKER