Laptops, desktops and other portable media that store restricted data are of great concern since they can be easily lost or stolen due to the distributed nature of their physical location and system administration. The purpose of desktop encryption is to render data on desktops and laptops unreadable so that risk is reduced if a computer storing restricted data is lost, stolen, compromised or disposed of improperly.
To mitigate or reduce the risks, the campus has approached the security vendor and implemented the following data encryption mechanisms:
The Office of Campus Information Security (OCIS) has purchased 2000 licenses for campus use. These licenses are available to anyone wishing to participate in the project at no cost.
- Full disk encryption for most flavors of Windows
- File and folder encryption for same flavors of Windows
- Full disk or file/folder encryption for Windows Mobile devices
- Centrally managed configuration and escrow of encryption keys
With the growing amount of confidential information stored on end user devices, there are many threats causing such confidential information to be accessed by unauthorised parties. Some threats are unintentional, such as device loss or theft, while others are intentional, for example, malware threats, also known as malicious codes.
Data encryption leverages mathematical calculations and algorithmic schemes that transfer plain text into cipher text, a non-readable to unauthorised parties. As data encryption implant security controls inside sensitive data itself, it is now one of the most effective means to prevent leakage of sensitive information over transmission via the Internet.