Desktop/Laptop Security by Disk Encryption

During the Information Lifecycle, data must be encrypted when stored on your devices or sent to someone else. With laptops and mobile devices now commonplace, most of us are used to taking our electronic lives with us wherever we go. Therefore, if your role at the university requires you to process or in other capacities handle Category 1-Restricted Data, this presents a serious risk if your equipment is ever lost or stolen.

Encryption Considerations

As with any encryption technology, if you lose your password, the files are usually unrecoverable unless you've made backups. Also, file, folder and whole-disk encryption generally don’t protect your files if your computer is compromised. Encryption technology is best suited for protecting information if your laptop (or portable storage drive) is lost or stolen. Finally, if or when your devices “wake up” (i.e. opening your laptop, or pressing your phone’s home button), the device must ask for a password before granting access. If it doesn’t do this, the encryption provides no value as the information on the device can be accessed by whomever found or stole the device.

Secure File Service

Secure File is a service providing whole disk encryption on Windows desktops and laptops, and CIFS file share encryption on designated file servers. This service addresses the requirements for securely storing Category 1-Restricted Data and/or Personally Identifiable Information.


Windows XP Professional, Windows Server 2003 and 2008, and Windows Vista and Windows 7 (Business, Enterprise and Ultimate versions only)

UB owns a product (PGP Whole Disk Encryption) that can protect the regulated information on your device in the event it’s stolen. Ask your IT support or the Information Security Office about getting this program installed. Also available are a wide variety of no-cost technologies that can be used to protect UB's Category 1-Restricted Data.

Windows XP Professional, Windows Server 2003 and 2008, and Windows Vista and Windows 7 (Business, Enterprise and Ultimate versions only)

There is a feature called Encrypting File System (EFS) that allows you to encrypt all of specific folders and files.

Windows Vista and above (Enterprise/Ultimate/Pro editions only)

These versions include BitLocker which will encrypt your entire drive. It requires more effort to enable than EFS, but once enabled, you don't have to remember to encrypt information as you save it to your laptop.

Mac OS

Included is an encrypted file system feature using its Disk Utility application. This feature is similar to Windows Encrypting File System, but requires some effort to initially configure the encrypted file system. Once configured, it lets you selectively encrypt files and folders.

OS X also includes a feature called FileVault that will encrypt your entire home folder. This feature is similar to BitLocker in that it encrypts, essentially, all of your working files. FileVault is very easy to configure.


UBIT offers TrueCrypt, which is also available for Windows and OS X as a free add-on application. It allows for the encryption of specific files and folders, or for entire disks.  Some Linux distributions include TrueCrypt as an installation option, requiring very little effort to enable.