Encryption is a method of securing data by scrambling the bits of a computer's files so that they become illegible. The only method of reading the encrypted files is by decrypting them with a key; the key is unlocked with a password.
Benefits and key features
Whole disk encryption protects everything on a disk drive – including the operating system. Even files you may not know about that keep exact copies of data that you've been working on, such as temporary files are encrypted.
- Data is protected while a computer is turned off or in hibernation/sleep mode, as long as the hard disk is password protected
- Most useful on machines or peripherals that are likely to be lost or stolen (e.g., laptops and USB drives), but can be enabled on desktops as well
- In the event a password is lost or forgotten, a key recovery process is available for managed computers in the WIN domain
- If necessary, the whole disk can be decrypted with the assistance of a local IT administrator
- Users whose computers are not in the WIN domain should remember to save the password and key in a safe place, such as LastPass
- Encryption does not protect a machine against malware (computer virus) infections
Windows 7, 8 or 10
Mac OS X 10.9 or later
Note: Read Encryption at MIT to learn about the options and recommendations. If you are unsure whether you should be using whole disk encryption for compliance with data security regulations, contact IS&T.
- BitLocker for Windows
- FileVault for Mac
- Encryption on mobile devices: for smaller devices, such as a tablet or smartphone, data can be encrypted using built-in security software. Each device handles this differently, so refer to the manufacturer's user manual.
Note: PGP is no longer being offered on the software grid. Support is being phased out and will discontinue at the end of 2016.
Contact the IS&T Service Desk for assistance with any of the above-listed options.