Whole Disk Encryption
The popularity of mobile computing devices is growing and becoming a standard of user productivity and efficiency. The portability that comes with mobile computing devices also comes with a higher risk of loss and theft of data. Reliance on operating system logon screens cannot be trusted to securely save sensitive data on a mobile device (laptop, external hard drive, etc.), especially if the device is lost or stolen.
Those using a university laptop for their work have a responsibility to protect the information on that laptop. If the computer is lost or stolen, exposure of the data on the laptop can have significant ramifications for the university, the employee, or potential identity theft victims. To protect data on hard drives, IT Services offers a Whole Disk Encryption service to keep data safeguarded from unauthorized access.
Why do I need the Whole Disk Encryption service?
-
Data on unencrypted computers can easily be accessed, whereas encryption on the hard drive renders the data unreadable by unauthorized persons.
-
Encryption protects the data on the computer, the department that owns the device, and Iowa State University. If a laptop with an encrypted hard drive is stolen, the data is considered protected and meets legal and regulatory compliance.
-
The cost of encrypting a computer is very small compared to the cost associated with a stolen computer that contains confidential data on the hard drive.
What product do you use for the Whole Disk Encryption service?
IT Services manages the licenses and provides support for McAfee Endpoint Encryption to anyone on campus using university-owned equipment.
How much does the service cost?
Pricing for Whole Disk Encryption is as follows:
| License (one-time cost) | Maintenance |
| $40/machine (includes 2 users) | $1/month |
| $20/additional user | $1/month/additional user |
How does data encryption protect my computer?
Whole Disk Encryption protects data written to the hard drive. If the hard drive of your computer is taken out and placed into another computer it will be unreadable. However, if your computer is powered on and you are logged into the computer, it is still susceptible. For the best protection of data owned by the university, your computer should be completely powered off when out of your possession and sight.
How will my daily use change with Whole Disk Encryption?
With McAfee Endpoint Encryption installed on your computer, the only difference you will encounter is the requirement to log into the encryption software with a username and password at startup. After successfully logging in, your computer will boot into Windows, displaying the normal logon, and your experience will be the same as it was before Whole Disk Encryption was installed on your computer.
Can my departmental IT coordinator manage our encrypted computers?
Currently, only IT Services staff can manage encrypted computers; however, departmental IT staff may soon be able to manage them once McAfee incorporates Endpoint Encryption into the ePolicy Orchestrator management service.
Can I use this service with my Macintosh or Linux computers?
McAfee Endpoint Encryption is currently available for Windows operating systems only. McAfee has announced future support for these operating systems; however, until this support is available, ITS recommends using TrueCrypt for protecting Macintosh and Linux computers.
What should I do if I believe my computer has been stolen?
If you believe your computer has been stolen, first contact the local authorities (e.g., security, local police, etc.). Next, contact the Solution Center (515-294-4000). ITS personnel can force a computer to reboot if powered on, logged into, and connected to the Internet. We can also disable all users on the computer, keeping them from logging into the computer.
What if I forget my password?
If you forget your password, call the Solution Center (515-294-4000) for assistance in resetting your password.
How do I request the Whole Disk Encryption Service?
To request Whole Disk Encryption Service, go to the Administrative Systems Access Request page, check the appropriate box in the Requested section, fill out the rest of the form, and click "Submit."
