Encryption is a method of securing data by scrambling the bits of a computer's files so that they become illegible. The only method of reading the encrypted files is by decrypting them with a key; the key is unlocked with a password.
Benefits and key features
Whole disk encryption protects everything on a disk drive – including the operating system. Even files you may not know about that keep exact copies of data that you've been working on, such as temporary files are encrypted.
- Data is protected while a computer is turned off or in sleep mode, as long as the hard disk is password protected.
- Most useful on hardware that is likely to be lost or stolen (e.g., laptops and USB drives), but can be enabled on desktops as well.
- A key recovery process is available for managed computers in the WIN domain in the event of a lost password.
- The whole disk can be decrypted with the assistance of a local IT administrator.
- Users who are not in the WIN domain must save their password and key in a safe place, such as LastPass.
- Encryption does not protect a machine against malware.
Windows 7, 8 or 10
Mac OS X 10.9 or later
Note: Visit Encryption at MIT to learn about options and recommendations. Contact IS&T if you are unsure whether you should be using whole disk encryption for compliance with data security regulations.
Note: PGP is no longer being offered on the software grid. Support is being phased out and will discontinue at the end of 2016.