This Info Center is a collection of resources about encryption for stored information on portable devices, such as laptops, tablets, and externally attached storage. (Refer to TLS certificates in the Related Info Centers box for information related to encrypted network communications.) The Help Desk provides general support for Windows BitLocker and for OS X FileVault 2 full disk encryption. Questions should normally be handled by a departmental IT support person and, if necessary, will be escalated to the Information Security & Policy Office or the ITS Enterprise Client Management team.
What is Encryption?
Encryption is a method of protecting digital information by scrambling it, either as it travels across the Internet or while it is "at rest" (stored on our computers). This ensures that only authorized users can decrypt (un-scramble) the information and use it. Encryption enhances the privacy and confidentiality, as well as the integrity and authenticity, of our information. It helps us keep our information safe.
Why Encrypt Data?
Portable devices such as laptops, tablets, and USB storage are most at risk of being misplaced or stolen. If a device is lost or stolen, encryption prevents unauthorized users from accessing data stored locally on the device. Without encryption, unauthorized users can use various techniques to bypass the accounts and permissions in order to access the local drive contents.
In order to meet our legal obligations and our responsibility to protect the privacy of those we serve, The University of Iowa requires full disk encryption to be implemented on all university-owned mobile computing devices (i.e. laptops, tablets, USB storage). The best way to avoid theft or loss of sensitive data is to keep it in a secure file storage offering such as OneDrive, RDSS, or department shared drives, where it's physically secured and regularly backed up. Then, you can easily access the information remotely from your mobile computer. However, encryption is our safety net for new files, temporary (cached) files, and other information that is stored on a mobile device.
Everyone uses network encryption today: over “https” connections from your browser to a website, over cellular phone-to-tower communications, and also over wireless networks that require a login or connection password, such as Eduroam, in order to protect the privacy of communications. Full disk encryption is similarly designed to protect information when it's stored.