Microsoft UK’s use of BitLocker

Phil wrote in the latest issue of the security newsletter:

Phil Cross

At InfoSecurity last month Ed Gibson (Chief Security Advisor, Microsoft Ltd), Cliff Evans (Security Marketing Lead, Microsoft Ltd) and I were talking about the latest physical loss of equipment - a server in Hong Kong - and whilst it was protected by several layers of security, we got to wondering what our IT policy was on installing BitLocker on machines inside Microsoft. BitLocker provides data security through drive encryption and is available in Windows Vista Enterprise, Windows Vista Ultimate and in Windows Server 2008. Anyway, back to our discussion. Sad to say, we didn't know what our policy was, so I investigated and found that, like in any organisation, it's not just a simple case of it magically appearing on everyone's machines.

So how are we implementing BitLocker? Here in the UK all new machines (clients and servers) are being built by IT with BitLocker enabled. For existing laptops, we are prioritising deployment of BitLocker on all appropriate computers where High Business Impact (HBI) data is present. The next goal is to deploy BitLocker on all Microsoft IT laptops that are capable of using BitLocker. So whilst it doesn't prevent a machine being lost, more likely a client than a server, we can prevent the loss of any data. Let me know if BitLocker is important to you in this scenario: there is more information later in this newsletter about Data Encryption Toolkits for Mobile PCs.

