What is WDE (Whole Disk Encryption)?

Summary

This article contains information about Whole Disk Encryption at U of I.

Body

Whole Disk Encryption Overview:

Request encryption assistance

Encrypting your computer is one of the most effective ways to protect the information stored on your hard drive. If your computer stores or processes high risk data (see Standards: Data Classifications), encrypting your hard drive is a necessary step to ensure the security of any data in case of loss or theft of your device. High risk data should only be stored on approved ITS locations under UI policies and standards; however, to protect any incidental data that may accidentally reside on your local system, Whole Disk Encryption (WDE) is an essential best practice.

If your device is ever lost or stolen, ITS can verify that the device was encrypted and that your information may not be accessed by any third party.

The University of Idaho requires computers which process high risk data be encrypted using WDE, and will encrypt by default many computers.

What it Can Do

  • Protect all data if your computer is lost or stolen
  • Protect data from unauthorized users attempting to break in to your physical device

What it Cannot Do

  • Encrypt e-mail
  • Encrypt files moved to the network (i.e. S: drive or OneDrive), or a USB/flash drive
  • Protect data stolen by malware or someone with your password

Features

  • Information stored on computers encrypted with WDE cannot be accessed by unauthorized users
  • Information can be recovered from the system with the assistance of ITS in the event that the startup passphrase is lost or forgotten
  • Encryption can be deployed consistently across both Windows and Mac computers

Requirements

Windows 10 (1909) and newer supported versions of Windows

  • At least 1 GB of RAM (Not all of this is needed by WDE)
  • System must be joined to the Active Directory Domain.
  • System must have the System Center Configuration Manager client installed. You may need assistance from your TSP or SysAd as an employee, or the Student Technology Center as a student.
  • Systems using Windows must be equipped with a Security Chip (TPM) version 2.0+

Mac OS X 10.14 and newer

  • At least 2 GB of RAM (Not all of this is needed by WDE)

Learn More

University Data Classification and Standards Policy

Standards: Data Classifications

Support

How to find your Computer Name and MAC Address [Tutorial]
How to set up Encryption - [OS X] [Windows]
What to do if you've forgotten your Encryption Passphrase - [OS X] [Windows]
WDE Frequently Asked Questions [Tutorial]

If you need help with startup authentication or require additional assistance, submit a request to your TSP or System Administrator if you're an employee. 

Related Articles

Related Articles (4)

Essential Cyber Security Tips for UI Employees
In the case that a user forgets the Power-On-Authentication passphrase that they set when encryption was enabled, this tutorial will demonstrate how a recovery key can be generated so that they can boot their OS X Apple computer and reset their passphrase.
Answers to frequently asked questions about Whole Disk Encryption.
Malware removal is not an effective way to ensure an infected computer is clean. The best way to approach malware infections is to format and re-image the computer.

Related Services / Offerings

Related Services / Offerings (2)

Report an information security incident.
I want to protect the information and high risk data stored on my computer.