New encryption to be part of core systems, delivering security and support
25 July 2019
Whole Disk Encryption (WDE) is a layer of protection for the information stored on your laptop that complements your normal user login. Even if someone plugged your hard disk into a computer they can log in to, your data and software remain secure. This is a safety net in case your laptop gets lost or stolen.
When a University-wide WDE facility was needed in 2013 we used a system called Symantec Drive Encryption. This system allowed us to prove that a lost/stolen laptop was encrypted, and to help users regain access if they forgot the passphrase required to start the laptop. Changes to the Symantec software and to our Microsoft site-license mean that Symantec Drive Encryption is no longer the best way of providing WDE in the University.
We are now moving to the encryption tools that come as part of Windows (BitLocker) and Mac OS X (FileVault). IT Services has communicated with IT support staff in departments, faculties and colleges so they can lead the move for their staff, and with all registered users of the old WDE system. The old system will be turned off on or after 31 July 2019. Encrypted devices that have not moved at that point will continue to provide protection and can be used with the same passphrase as previously – but it won’t be possible to check whether a lost device was encrypted or to help with forgotten passphrases.
During six years of operation, Symantec Drive Encryption has been used to secure over 2,000 laptops for 1,760 members of staff. We have trained 184 members of IT support staff to use WDE in 77 departments or colleges, and issued around 200 recovery tokens for users who forgot their passphrase. We are pleased that this security and support will now be provided as part of our core systems.