Full Disk Encryption

A Trusted Platform Module, widely referred to as “TPM”, is a chip that resides on your computer's motherboard and is responsible for generating encryption keys that work in tandem with BitLocker, a form of Full Disk Encryption which we will expand on later in the article. The main aim of the TPM is to carry out security functions that store and process symmetric and asymmetric keys, hashes and digital certificates. Using these security mechanisms, the TPM binds a hard drive to a specific computer system, meaning that if an attacker attempts to remove your hard drive and plug it into their own device, all data is rendered unreadable and useless.

BitLocker is Full Disk Encryption software built into the Windows 10 Professional operating system. It encrypts all information on the device's hard drive, including user data (personal documents, pictures). One advantage of this form of encryption is that it is an entirely hands-off approach once configured correctly: your hard drive is encrypted at all times, and you gain access to it with your standard Windows password. BitLocker also uses a “Recovery Key”. This key is used to remove the encryption on your hard drive, and it is important that it is kept extremely safe. When you swap your hard drive to a different computer, you will need this recovery key to establish a relationship with the new device.

When devices are used in public places (e.g. coffee shops, trains), it is imperative that BitLocker or an alternative encryption software is enabled, because the device has a higher risk of being lost or stolen. If the device gets stolen, the malicious actor will be unable to access the sensitive information without the user password.
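
To confirm that a device is in the "configured correctly" state described above, the following added example (not part of the original article) audits the TPM and each BitLocker volume using the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets. The function name `Test-BitLockerPosture` and the wording of the findings are assumptions made for illustration; the script must be run from an elevated PowerShell session and never prints the recovery key itself.

```powershell
#Requires -RunAsAdministrator
# Added example: report BitLocker/TPM posture for the local machine.
# Function name and finding texts are illustrative, not from the article.

function Test-BitLockerPosture {
    # The TPM must be present and ready before it can protect the volume key.
    $tpm = Get-Tpm
    $tpmIssue = $null
    if (-not $tpm.TpmPresent)   { $tpmIssue = 'No TPM detected' }
    elseif (-not $tpm.TpmReady) { $tpmIssue = 'TPM present but not ready' }

    foreach ($vol in Get-BitLockerVolume) {
        $issues = @()
        # Protector types as strings, e.g. Tpm, TpmPin, RecoveryPassword.
        $types = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        if ($vol.VolumeStatus -ne 'FullyEncrypted') {
            $issues += "Not fully encrypted ($($vol.VolumeStatus), $($vol.EncryptionPercentage)%)"
        }
        # Encrypted but ProtectionStatus Off means protection is suspended:
        # the volume key is readable from disk until protection is resumed.
        if ($vol.ProtectionStatus -ne 'On') {
            $issues += 'Protection is off or suspended'
        }
        if ($vol.VolumeType -eq 'OperatingSystem') {
            if ($tpmIssue) { $issues += $tpmIssue }
            if (-not ($types -like 'Tpm*')) {
                $issues += 'OS volume has no TPM-based key protector'
            }
        }
        # A recovery password protector is what allows the drive to be
        # unlocked after it is moved to a different computer.
        if ($types -notcontains 'RecoveryPassword') {
            $issues += 'No recovery password protector configured'
        }

        [pscustomobject]@{
            MountPoint = $vol.MountPoint
            VolumeType = $vol.VolumeType
            Protectors = $types -join ', '
            Compliant  = ($issues.Count -eq 0)
            Issues     = $issues -join '; '
        }
    }
}

Test-BitLockerPosture | Format-Table -AutoSize -Wrap
```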