Whole disk encryption (WDE)
In order to help mitigate risks to information associated with physical loss or theft, computer hard drives (and other devices such as USB keys and flash drives) can be encrypted to prevent unauthorized access to information. Whole Disk Encryption (WDE) is centrally-supported by University Systems and provides benefits such as encrypting an entire hard disk (including operation system, applications, and data), central management, policy enforcement, encryption key management, and recovery. While this service can be used on most computers, it is primarily intended for laptops and related devices that may contain internal, confidential, or highly-confidential information.
WDE protects your files if your computer is lost or stolen. If someone tries to break into your system to retrieve files, they will not be able to access the computer as long as they do not have your passphrase. This is most useful for laptop computers and desktop systems with confidential or highly-confidential data.
WDE is limited to protecting the files while they are on your computer. It does not provide encryption to files that are:
- sent via email;
- kept on a separate flash drive/thumb drive/USB drive/floppy disk (which was not explicitly encrypted with WDE); or
- moved over the network via shared folders.
When you move an encrypted file off of your computer, it is no longer encrypted.
If an encrypted computer is left unattended while the user is logged in, the files are accessible and the data is not protected.
Who can use this service?
How do I access this service?
With your manager or supervisor, determine if it is absolutely necessary that you store confidential or highly-confidential data on your computer and that WDE is the best solution for you to protect university data. Please see the Information Security Policy for more information.
If you determine that you need to install WDE, contact the Computer Help Desk or your local desktop support staff who will assist with the download and installation of the software and begin the encryption process.
What is the cost for this service?
The recommended encryption software (BitLocker for Windows and FileVault 2) is included at no cost for most new computers.
When is this service available?
This service is available 24 hours a day, 7 days a week, except during scheduled and unscheduled maintenance. You can be informed of service interruptions by subscribing to Informed. Servers do not need to be available or reachable (i.e. you take your laptop off campus) for this service to function.
|Notice for travellers: WDE software contains encryption technology, which is restricted in some countries. Some countries may require a permit to bring encrypted devices into the country. University Systems recommends that any persons planning on travelling to a foreign country with a encrypted device should contact Foreign Affairs and International Trade Canada prior to departure.|
How do I get help with this service?
For assistance with this service, please contact the Computer Help Desk:
If your department has Desktop Support Services, contact your departmental personnel.