AVermeer
Reader I

Bitlocker on USB drives for GDPR

Did anybody look into Microsoft BitLocker on a USB drive and if the encryption level of BitLocker would be sufficiently secure for GDPR?

 

In our stores we deal with personal data and ship this between the stores and the office; an encrypted USB drive would be ideal for this purpose.

 

Arthur Vermeer.

2 Replies
Badfilemagic
Contributor II

 

Bitlocker is backed by multiple FIPS (CMVP and CAVP) validations. Windows 10 was Common Criteria validated as well, using the CAVP validations to back up its AES, XTS, RSA, and SHS implementations.

 

I'm not a fancy, big-city GDPR expert, but having been a CC/FIPS evaluator, it seems to me that if the cryptographic implementations are good enough for use by the US and allied national governments then they are probably good enough for GDPR.

-- wdf//CISSP, CSSLP
oms
Newcomer I

Dear Arthur,

 

since there is no whitelist of products, there are two things that could very likely be checked during a customer or government audit or if you need to present your crypto management during contract negotiation:

 

  1. Algorithms
  2. Key Management (ideally managed by policy)

In terms of algorithms, there's nothing wrong with Bitlocker.

Key Management is completely up to you but might screw up the best encryption if not carried out properly.

 

Kind regards

Oliver
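
The two audit points listed in the reply above (algorithm and key management) can be collected as evidence with the built-in BitLocker cmdlets. This is an added example, not part of any post in this thread; the function name and the list of accepted encryption methods are assumptions standing in for your own policy.

```powershell
# Added example: report algorithm and key-protector state for removable drives.
# Run from an elevated PowerShell prompt; Get-BitLockerVolume requires admin rights.

# Assumption (not from the thread): sample policy of acceptable methods. Adjust to yours.
$AcceptedMethods = @('XtsAes256', 'Aes256')

function Get-RemovableBitLockerReport {
    # Drive letters that Windows classifies as removable (USB sticks, card readers).
    $mounts = Get-Volume |
        Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } |
        ForEach-Object { "$($_.DriveLetter):" }

    foreach ($mount in $mounts) {
        $vol = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
        if (-not $vol) { continue }   # drive removed or not readable during the scan

        # String interpolation keeps this safe when a property is empty,
        # for example on a volume that is still locked.
        $method = "$($vol.EncryptionMethod)"
        $types  = @($vol.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })

        [pscustomobject]@{
            Drive               = $mount
            LockStatus          = $vol.LockStatus
            VolumeStatus        = $vol.VolumeStatus        # e.g. FullyEncrypted
            ProtectionStatus    = $vol.ProtectionStatus    # On / Off
            EncryptionMethod    = $method                  # point 1: algorithm
            MethodAccepted      = $AcceptedMethods -contains $method
            KeyProtectors       = $types -join ', '        # point 2: key management
            HasRecoveryPassword = $types -contains 'RecoveryPassword'
        }
    }
}

Get-RemovableBitLockerReport | Format-Table -AutoSize
```

A drive reported with `ProtectionStatus` Off, an unaccepted method, or no recovery protector is the kind of finding the audit questions above are aimed at; where the recovery password is stored and who can retrieve it remains a policy matter the script cannot show.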