search

Encryption

Cornell University has revised Policy 5.10 and now requires “whole-disk encryption for all university-owned desktops, laptops, tablets, and smartphones”.   For more information regarding the policy revisions or to read the policy please see:

https://www.dfa.cornell.edu/policy/news/revisions-university-policy-510-information-security

CALS-OIT will begin the process of encrypting the hard drive(s) on Windows computers with an offer of the software to select Departments beginning on October 4th. Encryption will follow our standard weekly Windows maintenance cycle, which is documented at http://cals.cornell.edu/about/leadership/ofa/it/weekly-windows-update. More info will follow regarding when your specific Department will be encrypted.

For Apple computers, CALS-OIT will need to encrypt the hard drives individually at a later date due to technical issues which make this a more manual process. We will be in touch with Apple users about scheduling encryption of their computers.

At this time, removable drives will not be encrypted.

Dual boot systems (Win/Linux) will not be encrypted at this time. For these use cases, we are recommending two machines or a VM where the host OS can be encrypted to secure the guest OS(s), depending on the circumstances that cause you need two boot options.

Encryption details for Windows computers

Encryption for Apple computers will require a brief (5-10 minute) IT interaction with your computer. We can do this in our office, in your office or remotely. If we have contacted your Department about beginning encryption you can submit a request with a convenient time to do this work, bring the computer by the IT office or wait and we will be in touch with you.

During the encryption process you might notice that your hard drive shows as full or, especially for older (slower) computers and those with very full hard drives, you might notice a performance lag. Encryption will take anywhere from less than an hour for solid state hard disks to several days, encryption will take longer for older (slower) computers, computers with large amounts of data or if you shut the computer down during the encryption process. Once the encryption process is complete, free drive space and system performance will return to what they were.