
STANFORD UNIVERSITY

INFORMATION TECHNOLOGY SERVICES

Getting Started with Stanford Whole Disk Encryption (SWDE)

Encryption can result in irretrievable loss of data if the keys or passwords are misplaced or destroyed; consult a qualified system administrator if you feel you need assistance.

Getting Started

With your manager, determine if it is absolutely necessary that you store Restricted Data or Confidential Data on your workstation and that Stanford Whole Disk Encryption (SWDE) is the best solution for you to protect University data. Please see the Information Security Office's Classification of Data guidelines for more information.

The best protection of University data from computer loss or theft is to avoid storing it on a workstation.

If you determine that you need to install Stanford Whole Disk Encryption, submit a HelpSU request or contact your local CRC consultant. Your machine will need to be part of the Stanford University Enterprise Active Directory and your local BigFix domain.

With the assistance of the Service Desk or your CRC consultant, you will download and install the PGP Desktop Client, and begin the encryption process.

You will be asked to provide your SUNet ID and SUNet ID password to facilitate the encryption audit and the administration of licenses. In most cases, this will be your PGP encryption key.

After installation, you will be asked to provide your encryption key after every restart of your workstation. Even before Windows or Mac OS X starts up, you will have to provide the PGP key password.

What It Protects or Prevents

Stanford Whole Disk Encryption protects your files if your computer is lost or stolen. If someone tries to break into your system to retrieve files, they will not be able to access the workstation as long as they do not have your SUNet ID and password. This is most useful for laptop computers and desktop systems with Restricted Data or Confidential Data.

What It Doesn't Protect or Prevent

Stanford Whole Disk Encryption is limited to protecting the files while they are on your computer. It does not provide encryption to files that are:

  • sent via email;
  • kept on a separate flash drive/thumb drive/USB drive/floppy disk (which was not explicitly encrypted with SWDE); or
  • moved over the network via shared folders.

When you move an encrypted file off of your workstation, it is no longer encrypted.

If You Forget Your Password or Your Password Changes

In general, your Stanford Whole Disk Encryption password will be synchronized with your SUNet ID password. If this password does not work for some reason, you can contact IT Services for Whole Disk Token Recovery (WDTR). Submit a HelpSU request or call 5–HELP. An IT Services representative will be able to provide a temporary recovery password that must be reset (usually back to your SUNet ID password).

What to Expect

  • IT Services testing to date has found no significant performance hits during normal day-to-day operations after installation of the PGP Whole Disk Encryption technology.

  • The initial encryption process can be resource intensive on your workstation, so plan a time when you can leave your workstation plugged into AC power and a time when you can tolerate a slowdown in performance.

  • Upon successful installation of the PGP desktop client, the encryption process starts immediately in Windows; it must be started manually in Mac OS X.

  • You will be asked to provide your SUNet ID and SUNet ID password to facilitate the encryption audit and the administration of licenses. In most cases, this will be your PGP encryption key.

  • After installation, you will be asked to provide your encryption key after every restart of your workstation. Even before Windows or Mac OS starts up, you will have to provide the PGP key password.

  • You must follow the best practice of password protecting your workstation at all times, including when it is in standby, sleep, or hibernate mode and when a screen saver is active. This practice is fundamental to the success of the Whole Disk Encryption technology and the accompanying audit.

  • Once installed, encryption takes place in the background all the time; each new file is encrypted automatically.

  • The PGP client checks in with a central license and audit server upon every restart of your workstation.

  • Your workstation will become a member of the local BigFix domain and must be a member of the University Active Directory.

  • Unencryption is a very time-consuming process and is not recommended. If necessary, it can be enabled by IT Services staff to guarantee the integrity of the audit trail. Plan unencryption for a time when you can tolerate a very slow machine for over 10 hours.

How to Get Help

If you encounter problems, or have any questions, please submit a HelpSU request.

Last modified Thursday, 29-Jan-2009 04:58:47 PM
