University of Iowa Faculty/Staff Note: You are strongly encouraged to work with your local IT support to implement full disk encryption for your portable device.
What Encryption Service will be used?
The answer to this question will depend upon your computer's model and your operating system. Refer to the chart below to see what form of full disk encryption you will be using. There are third party software products that provide full disk encryption on multiple platforms, however those tools are not being supported by the university.
|USB Devices||'BitLocker to Go' for use on Windows, or hardware encryption|
|Linux||LUKS or similar, manual install|
|iOS||Built-in device encryption|
|Android||Built-in device encryption|
BitLocker is a form of encryption that comes with the Windows Operating System. BitLocker protects your files by enabling something called Full Disk Encryption. By encrypting the entire hard drive Windows is able to provide a much higher level of security against offline attacks. While this protects the data from offline attacks, once Windows has started, BitLocker has already done all of the protection it can do. BitLocker uses the University of Iowa's Microsoft Bitlocker Administration and Monitoring service to store recovery keys and manage your computer's protection.
FileVault2 is Apple's implementation of Full Disk Encryption that comes with Mac OSX v10.7 and later. (Note: FileVault was used for encryption of a user home directory/files and was first available on OSX v10.3). FileVault2 creates a master password to help recover your files in case your password is lost, and is managed by the University of Iowa's Casper Suite management tool, for safe storage of the master password (recovery key), and management of your computers protection.
iOS and Android devices implement device encryption within their respective Operating Systems and do not require a third party encryption tool. To enable encryption on Android and iOS a passcode is required to unlock the devices.