Full disk encryption coming to University laptops

Over the next few weeks, Miami University IT Services will be rolling out full disk encryption (FDE). Almost everyone who works at Miami has some confidential information, as defined in MUPIM 3.22, on their computers. By installing FDE, we are ensuring that none of that confidential data can be accessed if an employee’s Miami-issued laptop is lost or stolen.

Earlier this week an announcement went out regarding this project. (Visit IT News for the full message.) Below are several frequently asked questions about this new requirement, and how it will impact users. Visit the Full Disk Encryption FAQs page for a complete list of FAQs.

white key on a red backgroundWhy are we doing this? How does this benefit Miami?

We already take a number of steps to protect confidential information when it is “data in motion”, such as only allowing access to your email web interface via “https”. Protection for “data in motion” protects Miami data from someone who is able to eavesdrop on your network communication, and is especially important when you are outside of the Miami network, such as when you’re uptown at Kofenya or Starbucks.

This encryption software will protect confidential information when it is “data at rest”. Without encryption on your hard drive, a thief who steals your laptop will be able to access all of the data on your laptop whether or not they have your password. They can simply remove the hard drive, connect it to another computer that they control, and then access all of the data on your hard drive. By adding encryption to protect your “data at rest”, when the thief attempts to access the data on your hard drive they will only see encrypted data while all authorized users of the laptop will be able to access the data normally.

I have a personal computer. How does this encryption rollout affect my personal computer?

This project is only for Miami-owned laptops. Your personal computer will not be affected by this. The encryption programs that we are using, BitLocker (Windows) and FileVault (Mac), are both built into their respective operating systems. If you would like to install either on your personal computer, you can do so by following guides available on the Internet. Be aware that Miami will not be able to assist you in recovering data if you encounter an issue, as your personal computer will not be linked to the centralized software programs we are using to manage the encrypted Miami laptops.

Related: Will there be a way to get this encryption on personal computers that are used for University purposes, such as those used by contractors and part-time faculty members?

If the computer is a Miami-owned laptop then it will be encrypted regardless of the user. If the computer is personally owned by a contractor or part-time faculty member, it will not be encrypted as part of this project.

I have a Miami desktop, what does this mean for me?

Nothing will happen to your desktop in this part of the project. Laptops are more likely to be stolen than desktops, so we are targeting this higher risk first. We are looking to incorporate any lessons learned from the laptop encryption roll out into a future desktop encryption roll out. Once we have identified dates for the desktop encryption roll out we will communicate them to faculty and staff.

How does this affect files that I move from my encrypted computer to another location (Google Drive, USB drive, etc)?

We are using what is known as Full Disk Encryption (FDE). It works by encrypting all of the data on a selected hard drive. If a laptop with an encrypted hard drive is stolen, all the files are safe. If you copy a file to another location, it is no longer being stored on the encrypted hard drive so it will be stored in an unencrypted fashion unless the target location is also running Full Disk Encryption. Your files are only as safe as the drive they are stored on.

Do I need to do anything physically myself, or will it install automatically?

When your Miami laptop is connected to the Miami network, it will automatically communicate with the centralized servers that manage your laptop. This will instruct your laptop to begin the encryption process. There is nothing that you need to do yourself.


Miami acknowledges October as National Cyber Security Month

IT Services security awareness table with prize wheel and Connie Johnson, Lisa Raatz and Chris Linebrink assisting a studentOnce again Miami is taking part in recognizing the importance of National Cyber Security Awareness Month (NCSAM) with a variety of events on the Oxford, Hamilton, and Middletown campuses. An information booth will be available at various locations on each campus throughout the month of October. Stop by to learn about how you can better protect yourself, your information, and your devices, as well as meet Miami’s information security staff and spin the prize wheel.

For additional information, and the full schedule of Security Awareness sessions on all three campuses, visit MiamiOH.edu/SecureIT.