Use this document to find answers to frequently asked questions (FAQ) about encryption.
What devices need to be encrypted?
Desktops (as rebuilt or replaced), laptops (ASAP) and backup devices/media (ASAP) that may be used to handle University private sensitive information (PSI).
How do we identify which computers access PSI?
Refer to the function of the office and/or user of the device and their typical business activities. Consult with University Data Stewards about expected users. Identity Finder scan results may reveal users who have accessed some categories of sensitive data.
What tools are provided by USU to encrypt devices?
USU administers a central Active Directory Domain which will facilitate the use of BitLocker to comply with these requirements. Encryption tools require careful management to ensure that encryption keys are adequately protected from loss or exposure.
Where can I learn how to use and manage encryption tools?
The IT Service Desk has detailed instructions in the ServiceNow Knowledge Base for using BitLocker on the central domain. Additional instructions for other options will be group-sourced from the combined experience and recommendations of desktop support staff from across the University.
Where do I store encryption keys?
The IT Service Desk has detailed instructions in the ServiceNow Knowledge Base for using BitLocker on the central domain. Additional instructions for other options will be group-sourced from the combined experience and recommendations of desktop support staff from across the University.
What are my auditing responsibilities on encrypted systems?
Initially, self-reporting of compliance will be expected for each office that might store or access private sensitive data.
What are implementation costs?
- Setup cost on a new computer: Adding encryption to the setup process has minimal impact once the process is established, for either Windows Enterprise with BitLocker or for any system with an open source or aftermarket encryption package.
- Setup cost on an existing computer: To rebuild a Windows Pro installation as Windows Enterprise and convert existing storage would typically take about 3 hours of technical staff labor and result in 1 day+ out of service for the end user. To add an open source or aftermarket encryption package would take less than an hour to install, but a variable amount of time to encrypt the existing storage.
- BitLocker provides a support/management layer which allows tech support staff to have management access independent of the end user's encryption key choice, and also to help the end user recover from a forgotten key. The other encryption packages do not provide that layer of service. A forgotten key can result in loss of access to the data on that device.
Related Articles
Review the article Encryption @USU for more information regarding policies, guidelines, and instructions for enabling encryption.
For further assistance, please contact your Department IT Support or the IT Service Desk.