The purpose of the Stanford Whole Disk Encryption (SWDE) service is to protect your information and Stanford's data stored on laptop and desktop computers.
Encrypting your laptop and desktop computers via SWDE is the single most important step you can take to protect your and the University’s data in the event the device is lost or stolen. The University has established a goal of verifiably encrypting all faculty, staff, and postdoc Windows and Macintosh computers by May 31, 2015. This requirement applies to both Stanford and personally owned computers that will continue to be used for Stanford activities on the campus network, other than those granted exceptions due to special research requirements. Note that those who access, transmit or store Prohibited or Restricted information as defined under the Data Classification Guidelines should have all data encrypted by now and cannot wait until the May 31, 2015 deadline to do so.
The Stanford Whole Disk Encryption service is for both Windows and Macintosh desktop and laptop computers that support native encryption. This service secures data using standard NIST-approved encryption of the computer hard disk. Once installed, all files are automatically encrypted. The data is protected while the computer is in standby or hibernation mode as long as the hard disk is password protected.
Additional data protection may be needed to reduce risks in other scenarios, such as transferring data from one computer to another.
- Only those with password access to the system are authorized to access the data, which protects the data if your computer is lost or stolen.
- Every computer using SWDE automatically checks in with a logging and administrative server on a regular basis. In the event of loss or theft of a computer with Restricted or Prohibited Data, Stanford policy requires notification of the Information Security Office (ISO). ISO in turn will use the logs to determine if a lost or stolen computer is a "reportable" event, possibly requiring notification of persons whose data may have been lost or stolen.
- In the event you lose or forget your password, the IT Service Desk will assist you in accessing your computer.
- If necessary, the whole disk can be unencrypted (with the assistance of your local IT support).
Note: Computers on which you access or use Prohibited or Restricted data must run SWDE. Computers on which you access or use other types of Stanford data (i.e., Confidential or Unrestricted) are recommended to run SWDE, but you can request an exception to SWDE by filling out a Compliance Exception Request. Exceptions require that you maintain your computer in a suitable way (e.g., have a password screen lock that will engage after a maximum period of 60 minutes) and run the VLRE application that periodically reports on the computer's encryption status. We are actively developing VLRE, which will be available in March 2015.
On rare occasions during the encryption process, we have seen disk failures occur. For this reason as well as being a general best practice, you are strongly encouraged to back up your files before starting to encrypt. ITS CrashPlan PROe provided by IT Services is the recommended backup service and is widely used within Stanford, but your local IT group may provide other options. CrashPlan encrypts your backups for secure storage and also provides the option of setting a secondary password to ensure that only you can restore the files.
See Getting Started with Stanford Whole Disk Encryption for more information about the SWDE service.