Encryption of Windows 10 PCs and Server 2012 (onwards) servers

leo135
Hi,
We would like to introduce encryption across our clients' PCs/servers by default.
I was wondering:
Are there any downsides to this?
Is using BitLocker with TPM-enabled devices good enough?
Are there any other 'encryption' based measures that I can take?
Is using BitLocker for Windows Server (2012 and above) recommended?
Thanks!
Distinguished Expert 2018
Commented:
If you trust Microsoft (and obviously you do, or you wouldn't use their OS), you can trust BitLocker. BL is "good enough"; in fact, it offers a lot compared to some competitors that are not free. You can very well use it on servers as well as clients. For the server hardware, you should see if a TPM chip is already installed or, if not, can be bought and seated.

"good enough" - please specify what you mean. I don't miss any features with BitLocker.
"Are there any other 'encryption' based measures that I can take?" - what should be encrypted? Data in transit? E-Mails? Removable devices, floppies...? There's a solution for anything.

"Are there any downsides to this?" - not really. The performance impact for writes (only writes, not reads) can be up to 25%, but you will only notice that if you do excessive writing.
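
The TPM check suggested in the answer above can be scripted per machine. The following is an added example, not part of the original answer: a read-only PowerShell report that assumes an elevated session on Windows 10 or Server 2012 and later, and uses only the built-in `Get-Tpm`, `Get-WindowsFeature` and `Get-BitLockerVolume` cmdlets.

```powershell
# Added example: read-only BitLocker/TPM readiness report for one Windows machine.
# Assumption: run from an elevated PowerShell session.

$report = [ordered]@{ Computer = $env:COMPUTERNAME }

# TPM presence and state (Get-Tpm ships in the TrustedPlatformModule module).
try {
    $tpm = Get-Tpm -ErrorAction Stop
    $report.TpmPresent = $tpm.TpmPresent
    $report.TpmReady   = $tpm.TpmReady
} catch {
    # Treat a failing query as "no usable TPM" for reporting purposes.
    $report.TpmPresent = $false
    $report.TpmReady   = $false
}

# On Windows Server, BitLocker is an optional feature that must be installed first.
# Get-WindowsFeature only exists on server editions, so probe for it.
if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
    $report.BitLockerFeatureInstalled = (Get-WindowsFeature -Name BitLocker).Installed
}

[pscustomobject]$report | Format-List

# Per-volume encryption state and whether a TPM-based key protector is in use.
if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
    Get-BitLockerVolume | ForEach-Object {
        # Join the protector types (Tpm, TpmPin, RecoveryPassword, ...) into one string.
        $types = $_.KeyProtector.KeyProtectorType -join ', '
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeStatus     = $_.VolumeStatus
            ProtectionStatus = $_.ProtectionStatus
            EncryptionMethod = $_.EncryptionMethod
            KeyProtectors    = $types
            UsesTpm          = $types -match 'Tpm'
        }
    } | Format-Table -AutoSize
} else {
    Write-Warning 'BitLocker cmdlets not found; the BitLocker feature is probably not installed.'
}
```

A volume that shows `FullyEncrypted` with `ProtectionStatus` `Off` has its key exposed in the clear (suspended protection), so check both columns rather than the encryption percentage alone.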

Author

Commented:
Thanks McKnife, that's a really helpful answer!

I guess when I refer to other measures, I mean emails (Office 365) and removable devices. Are there any measures you can suggest for these?
Distinguished Expert 2018
Commented:
For removable devices as in USB sticks, you can use BitLocker To Go. It can be read on any Windows OS from XP onwards and can be written to again on Windows 7 (Ultimate or Enterprise), Win8 Pro/Enterprise or Win10 Pro/Enterprise.
Mails: that's a huge topic. Short advice: for those users that send encrypted content once in a while, I would strongly recommend using an attachment encrypter like the free 7-Zip. For those that send mails regularly encrypted: sit down with your partners (the recipients) and discuss it with their admins since the best solution on your side will not guarantee that the recipients are happy with it.
We use Sophos' secure e-mail gateway.
Distinguished Expert 2018

Commented:
leo135, any more questions? Else please return and close this question.
Distinguished Expert 2018

Commented:
As indicated by the author, the comment was helpful.
