IST has ended support for the SecureDoc whole-disk encryption product as of March 2018. What does that mean for you?
Whole-disk encryption
Whole-disk encryption (or whole-device encryption) is an operation that will mitigate the damage of data loss should a computer or mobile device be stolen or lost. All data on the device is encrypted using secure keys and sophisticated algorithms. Although the physical device may be gone forever, the encryption ensures that all data, University or personal, is not readable by anyone, even if the storage device is moved to a different computer.
There are times when certain staff and faculty need to have access to documents away from the office and can not always be certain of having a secure network connection to UW. When carrying such data remotely, it is absolutely necessary to protect it from unauthorized viewing or use. In these cases, whole-disk encryption must be used.
SecureDoc at Waterloo
For several years, IST supported the use of SecureDoc whole-disk encryption software on campus. As well as encrypting the device storage, the software allowed IST to keep an emergency key for encrypted devices. If a client forgot the password or was otherwise unable to log into a device protected by SecureDoc, IST could provide that client with a temporary password to gain access to the device.
When this software was first implemented at UW, there were few solutions to encrypt devices in this way. In recent years, more operating systems have had whole-disk encryption built-in, making it no longer necessary to have a third-party solution. The operating system solutions may also include the ability to generate an emergency temporary password to access the device. These developments have made third-party software less necessary.
Device encryption options for you
Although there are too many possibilities to discuss in a short article, we have some recommendations for you to protect your data using device encryption:
-
For Windows users, Bitlocker is built into some versions. The UW standard is Windows 10 Education, which provides Bitlocker.
-
Mac OS X, as of version 10.7, offers FileVault 2 to encrypt entire drives.
-
Popular Linux variants (Ubuntu, Debian, SuSE, Mint, Red Hat, etc.) generally include the option to encrypt the entire drive of a device at installation time.
-
Apple iOS devices will activate encryption when you set a passcode. The method to do so varies slightly with your version of iOS. This is a very fast process.
-
Android devices can be encrypted, but the process takes longer to complete compared to Apple iOS devices. The process to do so depends on your Android version and your device manufacturer but generally requires selecting the activation of device encryption in Settings. Depending on the size of your storage device, this could take a couple of hours to complete.
If you have further questions about encryption or data protection, please contact your faculty service desk or the IST Service Desk.