The University of Northern Iowa is committed to protecting the data entrusted to its care. An easy and relatively transparent way to aid in achieving this goal is the encryption of hard drives used on university-owned computers. Whole Disk Encryption (WDE) works by converting the data stored on the drive in such a way that it is undecipherable without the decryption key, thereby protecting the data from theft if the computer is stolen or operated by an unauthorized person. When an authorized user starts the computer and logs in, their passphrase permits the computer to decrypt the contents of the hard drive so that it can used normally.
UNI will utilize industry standard encryption tools to accomplish this task, Bitlocker on Windows computers and FileVault2 on Macintosh computers. When the encryption takes place, a “recovery key” is collected by computer management software so that if the user forgets their passphrase used to decrypt the hard drive, the contents can still be recovered.
At the present time, UNI technical and desktop support personnel are working hard to encrypt all mobile computers, primarily laptops and tablets, to meet the requirements set by the Board of Regents at the recommendation the State Auditors office. The Mobile Device Encryption Policy, http://uni.edu/policies/1323, describes this process.
It is important to remember that on current hardware and operating systems, WDE is completely transparent to an authorized user of the computer that has logged in to the device. If you have questions about the encryption of your university-owned device, please contact the Service Desk (ITT 36, 273-5555, or firstname.lastname@example.org).