If you temporarily, occasionally, or regularly store restricted information on your computer, you must contact Pepperdine's Tech Central (x4357) to request encryption for your computer.
Computers that store, print, upload, or download RESTRICTED Information, such as:
- Social Security Numbers
- Name and Driver's License
- Patient Health Information
must have University-managed disk encryption, so that in case the computer is lost or stolen:
- People's restricted information will be protected
- The University will not be required to disclose the loss
What to expect
After you contact Tech Central, a technician will connect with you and schedule the first of three appointments. You will need to dedicate your time to complete the following items during each appointment:
- Briefing, signatures, configuration, and start the backup (30 min).
- Install the software, add the user's main drive, and start encryption (20 min).
- Check login, add users to the encrypted drive, confirm encryption, and start the paperwork (10 min).
For University-owned systems that require whole disk encryption (WDE), IT is paying for the software license and backup.
Expect the backup and encryption process to take at least three visits and several days of backup or encryption time to complete these steps:
- Brief the users, give them the materials, and set the appointment.
- Set screen saver time out and auto-lock for the machine.
- Install the device management agent.
- Perform a full backup to the backup system.
- Install the current University-managed encryption software and users to the main drive.
- Check login and add users.
- Give copies of the paperwork to the users and ISO.
Why so much work? Encryption is labor-intensive to install. The user must be trained to ensure security during installation and ongoing use, and the encryption of the system and the backup need to be done carefully. But once done right, you won't notice it is there, beyond having to input your passphrase.
If your computer is stolen or lost while powered off, the data cannot be read by anyone who doesn't have the passphrase. Further, since the data is not exposed, there is no legal obligation to disclose a loss.
In order to make an encrypted workstation transparent to use, the encryption is tightly integrated into the hardware and operating system. This means that encrypted workstation users should not expect to be early adopters of the latest hardware and operating systems; expect to delay six (6) months before upgrading to brand new versions of your operating system.
What is workstation encryption and what does it protect against?
Workstation encryption turns data on your computer's disks into secret code that can only be read once the key is unlocked by entering your passphrase. You can read an expert guide on "How Whole Disk Encryption Works" from our vendor to learn about the technical details.
The system we use has these advantages:
- Transparent to the end user, once installed.
- Central reporting of what is encrypted.
- Cross-platform: it works on Macintosh and Windows systems.
- Can be unlocked by an audited/logged procedure by technicians to facilitate troubleshooting or in the event of the departure of an employee.
- Is installed with secure cloud backup.
Encryption protects against lost or stolen computers exposing data.
Encryption does not protect against:
- Data theft by malware.
- Infection by viruses.
- Users transferring restricted data to insecure media such as email, flash drives, or mobiles.
- Computers stolen while powered on or in sleep mode.