If you temporarily, occasionally or regularly store restricted information on your computer, you must contact Pepperdine's Tech Central (x4357) to request encryption for your computer.
Computers that contain restricted Information, like:
- Social Security Numbers
- Name and Drivers License
- Patient Health Information
must have their disks encrypted, so that in case the computer is lost or stolen:
- people's restricted information will be protected
- the University will not be required to disclose the loss
What to expect
After you contact tech central, a technician will contact you to and schedule the first of 3 appointments. You will need to make your attention available to the technician for the amount of time listed below for teach appointment.
- Briefing, signatures, configuration and start backup (30 min).
- Install software, add users main drive and start encryption (20 min)
- Check login, add users to encrypted drive and start encryptions, paperwork (10 min).
For University-owned systems that require whole disk encryption (WDE) IT is paying for the software license and backup.
Expect the backup and encryption process to take at least three visits and several days backup or encryption time to complete these steps:
- Brief the users, give them the materials, set the appointment.
- Set screen saver time out and auto-lock for the machine.
- Install the device management agent.
- Perform a full backup to the backup system.
- Install PGP WDE / Symantec Encryption Desktop & users to main drive.
- Check login, add users.
- Copies of paperwork to users and ISO.
Why so much work? Encryption is labor intensive to install. The user must be trained to ensure security, during installation and ongoing use, the encryption of the system and the backup need to be done carefully. But once done right, you won't notice it is there, beyond having to input your passphrase.
If your computer is stolen or lost while off or hibernated, the data cannot be read by anyone who doesn't have the passphrase. Further, since the data is not exposed, there is no legal obligation to disclose a loss.
In order to make an encrypted workstation transparent to use, the encryption is tightly integrated to the hardware and operating system. This means that encrypted workstation users should not expect to be early adopters of the latest hardware and operating systems; expect to be 6 months behind the cutting edge.
What is workstation encryption and what does it protect against?
Workstation encryption turns data on your computer's disks into secret code that can only be read once the key is unlocked by entering your passphrase. You can download a white paper from our vendor to find out the technical details.
The system we use has these advantages:
- Transparent to the end user, once installed.
- Central reporting of what is encrypted.
- Cross-platform - it works on Macintosh and Windows systems.
- Can be unlocked by an audited/logged procedure by technicians to facilitate troubleshooting or in the event of the departure of an employee.
Encryption protects against lost or stolen computers exposing data.
Encryption does not protect against:
- Data theft by malware.
- Infection by viruses.
- Users transferring restricted data to insecure media such as email, flash drives or mobiles.