Eastern Michigan University

Encryption

What is whole disk encryption?

Encryption is a process that secures data by converting it into a code; this code is unreadable except by those who have the "key". Most data can be encrypted in some form which provides privacy and prevents unauthorized use.

Whole Disk Encryption (WDE) is software that is installed with your operating system and encrypts all of the data on the hard drive. With WDE, no one can read the data on your hard drive without the encryption key.

Why would I want whole disk encryption?

Your email, network shares, my.emich page, and so forth are all protected by your password. You probably have a password to access your computer as well. However, if someone were to steal your computer, that person could use software to read the contents of the hard drive even if it is protected by a password. With WDE, the data on your computer is encrypted--and a thief would not be able to read the data on the hard drive.

Depending on your role at the University, you may have access to sensitive data (such as student records, financial accounts, or medical records) that, by law, must be protected. In these cases, this means that the computer you work on must be encrypted to ensure that the data is kept safe. Failure to do so could leave you and the University at risk for loss of privacy, loss of reputation, and potentially expensive remediation.

How do I get whole disk encryption?

If you are using an EMU computer, contact the Help Desk at 734.487.2120 or I.T. Security at 734.487.0101 to request McAfee's Whole Disk Encryption option.

If you are using a personally-owned computer, there are several options available to you for purchase or for free. Please note that none of these products are endorsed or supported by the Division of I.T.

  • Bitlocker (Windows 7 users): Bitlocker is a technology designed by Microsoft and built into the operating system.
  • FileVault (Mac OSX users): FileVault is an encryption option that is built into the operating system.
  • TrueCrypt (PC and Mac users): TrueCrypt is free.

What about USB drives/DVDS?

Because they are easy to lose or steal, we do not recommend storing protected data on removable drives like USB keys or DVDs. While it is possible to use software systems to encrypt mobile storage media, doing so presents a unique challenge. Since very encryption solution uses its own system to provide the encryption/decryption key, you must have the same version of the encryption software on the sending and receiving computer in order to encrypt and decrypt a mobile media device.

An alternative is a USB-resident encryption solution device which typically has its own software to manage the encryption. This eliminates the need to install and update software on every computer you use.

Division of Information Technology

118 Pray Harrold

Ypsilanti, MI 48197

Phone: 734.487.3141

Fax: 734.481.9290