Encryption for Laptops

September 4, 2015

Iowa State University adopted a new six-point security plan last year.  Part of that plan includes whole-disk encryption for laptops.  If you have an enterprise class laptop (Dell Latitude) that you use for work at ISU then it will need to be encrypted. 

Whole-disk encryption encrypts all the data on your laptop so that if your laptop is lost or stolen and the person doesn’t have your admin password, they will not be able to read any of the information on your computer.  When EIT encrypts the laptop, what’s called an escrow key is stored in Active Directory on campus so that in a worst-case scenario (admin password lost and the computer is out of the domain or we need to remove the hard drive from the computer, etc), EIT can still retrieve the data.

Below are some frequently asked questions modified from a draft document produced by the IT Leadership Committee workgroup on Encryption:

  1. What is encryption?

Encryption converts data on a storage device into a format that can only be read if you have the secret encryption key. This ensures that if the device falls into the wrong hands, the data cannot be read. The type of encryption we're doing is called whole-disk encryption.  This means when you are logged into your computer, all the data will be unencrypted. This is why it's important to not only encrypt your computer, but also to use a strong password, and to lock your computer when unattended.

  1. Why do we need to encrypt computers?

The ISU Minimum Security Standards (https://www.it.iastate.edu/policies/minimum-security-standards) require that data classified moderate through restricted be stored in an encrypted form.  The Iowa state auditor also requires that state-owned laptops be encrypted.

  1. What devices need to be encrypted?

All University-owned devices storing moderate through restricted data must be encrypted. Because laptop computers are mobile and more likely to be stolen, our first priority is encrypting laptops.

  1. How long will it take to encrypt my computer?

Turning on encryption only takes a few minutes. After that encrypting your data will take several hours, but it will happen in the background and you can continue to work normally.

  1. Will my computer run slower after encryption?

Modern computers have hardware that handles the encryption with very little performance impact. While actively encrypting, the process will temporarily fill your available hard drive space, gradually giving it back as the process proceeds (at most a few hours).  The overall speed reduction is at most a few percent (in general, this should be no more than 1%.  If your computer seems to be running very slowly, contact the EIT Computer Support Hotline as it's likely not related to encryption).