When you store sensitive data on your computer, it’s crucial that you take the necessary steps to protect that data. You can protect your data by using encryption.
Unlike a physical Windows PC, a Windows virtual machine affords more encryption options, because it runs on top of the macOS® host operating system and the Parallels Desktop® for Mac virtualization layer.
Encryption is a standard and a must in enterprise environments. Most of the time, IT teams use BitLocker, which is available in Pro and Enterprise editions of Windows 7 and Windows 10.
In this article, we compare two ways to encrypt a virtual machine: Microsoft BitLocker and the Parallels Desktop for Mac encryption engine.
Special aspects of virtualization for encryption
BitLocker normally requires a Trusted Platform Module, or TPM, on your computer’s motherboard. This is a special microchip that enables a device to support advanced security features.
Since we are talking about virtual machines running on Mac®, this is not an option; Mac computers do not have a TPM chip. You can use BitLocker without a TPM chip by using software-based encryption, but it requires some extra steps for additional authentication.
On the other hand, Parallels provides its own encryption module. This module uses the Advanced Encryption Standard (AES) with a 256-bit key length, which is sufficiently strong and fast.
If you are considering BitLocker encryption for your Parallels Desktop virtual machines, make sure you are using Windows 10. With Windows 10, Microsoft introduced the ability to “Encrypt used disk space only (faster and best for new PCs and drives).” If you enable BitLocker in a Windows 7 virtual machine, which has an expanding virtual hard disk by default, all of the free virtual hard disk space will be allocated. (If the disk image was 18 GB, it will likely become 64 GB or 128 GB, depending on the maximum allowed size of the expanding virtual hard disk. An expanding virtual hard disk image file is small initially, and its size grows as you add applications and data to the virtual hard disk in the guest OS.)
We ran some performance tests on a Windows 10 virtual machine for BitLocker and Parallels encryption:
- BitLocker is faster than Parallels encryption when working with large files.
BitLocker seems to be faster, especially if you work with large files of up to 2 GB, where it can be up to two times faster. With average office work the difference is not that dramatic: BitLocker is only about 7% faster.
- Enabling BitLocker slows down a virtual machine by 10% compared to one without BitLocker enabled.
If we compare a virtual machine with and without BitLocker enabled, the VM without BitLocker is about 10% faster in disk operations. BitLocker should also affect battery life a little, but this is the cost you pay for data security.
Configuration used in testing:
- Parallels Desktop 12 for Mac, build 12.2.0-41591
- Mac Pro® “Quad Core” 3.7 (Late 2013)
- Windows 10 with 2 vCPU and 2 GB vRAM
BitLocker and Parallels Encryption Engine Limitations
If a BitLocker-enabled virtual machine is in a suspended state, or a snapshot of its running state has been created, the virtual machine becomes vulnerable to unauthorized access to its data. This is not the case with the Parallels encryption engine.
As a preventive workaround for this potential security breach when using BitLocker in a virtual machine, the virtual machine must always be shut down after a user has finished working with it. The Parallels virtual machine settings make this easier: change the values of both the “On Mac Shutdown” and “On Window Close” options to “Shut Down”.
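As an added example (not code from Parallels or from the original article), the host-side check below lists virtual machines that were left in the suspended state described above. It assumes the `prlctl` command-line tool is installed and that `prlctl list -a` prints UUID, STATUS, IP_ADDR and NAME columns; the sample output, UUIDs and VM names are constructed.

```sh
#!/bin/sh
# Added example: report VMs left suspended, the state the article says
# leaves a BitLocker-enabled VM open to unauthorized data access.

# Constructed sample of `prlctl list -a` output (UUIDs and names are made up).
# Assumed column layout: UUID STATUS IP_ADDR NAME; NAME may contain spaces.
sample_list() {
cat <<'EOF'
UUID                                    STATUS       IP_ADDR         NAME
{11111111-1111-1111-1111-111111111111}  running      -               Win10 Build
{22222222-2222-2222-2222-222222222222}  suspended    -               Win10 Finance
{33333333-3333-3333-3333-333333333333}  stopped      -               Win7 Legacy
EOF
}

# Read `prlctl list -a` text on stdin and print the name of each suspended VM.
suspended_vms() {
    awk 'NR > 1 && $2 == "suspended" {
        name = $4                                  # first word of the VM name
        for (i = 5; i <= NF; i++) name = name " " $i   # rest of the name
        print name
    }'
}

# Print one finding per suspended VM; prints nothing when all VMs are clean.
audit_vms() {
    suspended_vms | while IFS= read -r vm; do
        printf 'AT RISK: "%s" is suspended; resume it and shut it down\n' "$vm"
    done
}

# Use live data when prlctl is installed, otherwise the constructed sample.
if command -v prlctl >/dev/null 2>&1; then
    prlctl list -a | audit_vms
else
    sample_list | audit_vms
fi
```

The check covers suspended machines only; snapshots taken of a running state have to be reviewed separately.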
The Parallels encryption engine does not support the use of USB flash drives to get authorized access to BitLocker-encrypted drives, but this might already have been fixed by the time you read this post. If not, and you are interested in this functionality, let us know on our dedicated forum thread for feature suggestions.
We think that data protection is important, and that you learned something new from reading this article.