Supported Encryption Technologies: Stanford Whole Disk Encryption
Now, as part of its Whole Disk Encryption service, Stanford encourages the use of native encryption tools: the software built into your operating system. Stanford Whole Disk Encryption provides an installer, which checks your computer for certain requirements before proceeding with encryption using those native encryption tools:
- OS X Lion (10.7) and later come with FileVault 2, which provides whole-disk encryption. We recommend upgrading Macs to 10.8, which includes an option to automate the storage of recovery information.
- OS X 10.5 or 10.6 can only run McAfee Endpoint Encryption, which is no longer one of the recommended encryption methods; if your computer will run 10.8, we recommend upgrading.
- Download the Macintosh encryption installer and see whole-disk encryption instructions for FileVault or McAfee.
- Windows 7 (Ultimate or Enterprise) or Windows 8 (Professional or Enterprise) can use BitLocker to encrypt the hard disk using Windows built-in encryption technology. To run BitLocker, your computer must also have the Trusted Platform Module (TPM) version 1.2 or higher installed, enabled, and activated. If you need help with this, contact your local IT support. Learn how to Enable BitLocker.
- Note: If your Windows machine does NOT have a TPM, the Information Security Office has approved using BitLocker with the password option—provided the settings require password complexity for the OS, fixed data drives, and removable data drives. Without a TPM, there's no specific protection against brute-force password attacks, so we encourage you to create a long and strong password (more than 12 characters) which, of course, should not be stored with the device (e.g., on a post-it note).
- Windows XP, Vista, and some versions of 7 & 8 should use McAfee Endpoint Encryption, if they cannot be upgraded to a version that supports BitLocker.
- Download the Windows encryption installer and see whole-disk encryption instructions for BitLocker or McAfee.
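The BitLocker requirements listed above (a supported Windows edition and a TPM version 1.2 or higher that is installed, enabled, and activated) can be checked by hand before running the installer. The following is an added example, not Stanford's installer or code from this page; the function name `Test-BitLockerPrereq` and the verdict strings are hypothetical, and it assumes the standard `Win32_OperatingSystem` and `Win32_Tpm` WMI classes.

```powershell
# Added example (not Stanford's installer). Read-only; run from an elevated prompt,
# otherwise the TPM query is denied and the machine looks as if it had no TPM.
function Test-BitLockerPrereq {   # hypothetical helper name
    param(
        [string]$OsCaption,       # e.g. "Microsoft Windows 7 Enterprise"
        $Tpm                      # Win32_Tpm instance, or $null if none is exposed
    )
    $r = New-Object PSObject -Property @{
        EditionOk = $false; TpmPresent = $false; TpmVersionOk = $false
        TpmEnabled = $false; TpmActivated = $false; Verdict = ''
    }
    # Editions the page lists as able to run BitLocker.
    $r.EditionOk = $OsCaption -match 'Windows 7 (Ultimate|Enterprise)|Windows 8 (Pro|Enterprise)'
    if ($Tpm) {
        $r.TpmPresent = $true
        # SpecVersion reads like "1.2, 2, 3"; the first field is the TPM spec version.
        $spec = ($Tpm.SpecVersion -split ',')[0].Trim()
        try { $r.TpmVersionOk = ([version]$spec -ge [version]'1.2') } catch { }
        $r.TpmEnabled   = [bool]$Tpm.IsEnabled_InitialValue
        $r.TpmActivated = [bool]$Tpm.IsActivated_InitialValue
    }
    if (-not $r.EditionOk) {
        $r.Verdict = 'Edition does not support BitLocker'
    } elseif (-not $r.TpmPresent) {
        $r.Verdict = 'No TPM: password option only, complexity enforced, password longer than 12 characters'
    } elseif (-not $r.TpmVersionOk) {
        $r.Verdict = 'TPM is older than version 1.2'
    } elseif (-not ($r.TpmEnabled -and $r.TpmActivated)) {
        $r.Verdict = 'TPM must be enabled and activated before encrypting'
    } else {
        $r.Verdict = 'Meets the TPM requirements for BitLocker'
    }
    $r
}

$os  = Get-WmiObject -Class Win32_OperatingSystem
$tpm = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftTpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
Test-BitLockerPrereq -OsCaption $os.Caption -Tpm $tpm | Format-List
```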
Stanford University IT Services used to support and encourage the use of PGP, public-key signing and encryption software. Now Stanford supports native encryption technologies (as opposed to third-party software), and therefore strongly encourages anyone who is still running PGP to transition to a different form of whole-disk encryption by the first half of 2013.
Many smartphones and tablets—but not all—also come with their own native encryption, and Stanford has software to help centrally manage your device: MDM (Mobile Device Management). If your phone, iPad, or other device is used to access Stanford information (even if it belongs to you personally), it must be registered with MDM or a comparable Stanford service. Not all phones are approved to handle Stanford information; see our page for criteria and instructions for enrolling.
For help encrypting your computer, phone, or tablet, submit a HelpSU request to IT Services.