The Office of Information Technology is rolling out full-disk encryption (FDE) to all faculty and staff computers. What does that mean? Here are a few things to know.

What is full-disk encryption?

Encryption refers to scrambling a given volume of data so it's unreadable without decrypting it with a key, commonly a login password. By default, new devices are unencrypted, potentially opening up access to anyone able to physically access them. With FERPA-sensitive student data, donor records, grades and more, this represents a clear data security risk should a device go missing or be stolen.

Why are we adopting encryption?

Our primary reason for encrypting all faculty and staff computers is security. When a computer's hard drives are encrypted, anyone attempting to access data without the decryption key will be unable to read anything. In fact, with current technology, forcibly attempting to decrypt the machine by guessing the decryption key would take thousands of years.

In the event that your computer is lost, stolen, or otherwise accessed by an unauthorized individual against your wishes, your sensitive information will remain undisturbed.

How is my computer encrypted? Don't I run the risk of losing access to my files?

Windows and macOS both feature robust full-disk encryption programs by default: Bitlocker on Windows and FileVault 2 on Mac. Settings vary between operating systems, but they work essentially the same, utilizing industry-standard 256-bit AES encryption to protect your data. The decryption key is tied to your login password, meaning your data will be accessible so long as you are logged in to your computer.

The Office of Information Technology will maintain a secure repository of decryption keys in the event you lose access to your password, or your device has to be serviced by a third party.