Current University policy requires that users encrypt private data that is stored on laptop computers or other portable devices: Enhanced Security for Computers and Other Electronic Devices,
The policy also includes a link to a list of over two dozen options for encrypting your data: Encrypting Stored Data.
The list is daunting, as is this warning:
All encrypted data can be permanently lost if you forget the encryption password (or passphrase). If you decide to save them, decryption keys should be locked in a a safe location.What's the average user to do?
ITSS has a solution: encryption using Active Directory System Center Configuration Manager (SCCM) tools.
Using SCCM, ITSS staff can quickly and easily deploy the current enterprise level operating system - including Microsoft Bitlocker encryption - to specific models of Dell or HP computers that include a TPM (Trusted Platform Module) chip. By leveraging Active Directory services, a copy of the encryption key is stored with the owner's AD profile, and is available to recover a drive in the event the TPM chip fails, hardware changes or the drive needs to be physically moved to another computer.
Don't have a Dell or HP? Haven't had your computer into the TechCenter in awhile? No problem. We can take any computer that has a TPM chip and is configured for Active Directory and deploy the encryption services via SCCM.
For more information on this service, please contact the ITSS TechCenter (218.726.8847 or firstname.lastname@example.org).