Encryption is the process of converting plain text data into a form not readable by humans (e.g., ciphertext) using a mathematical process (encryption algorithm) and a parameter (encryption key). Confidential data must always be protected with appropriate encryption. The User Managed Encryption service will implement technology and processes that will enable the University to provide confirmation of laptop encryption to the Office for Civil Rights (OCR) in the event a laptop is lost or stolen.
OU policy requires device encryption on laptop computers that may store sensitive or confidential information (e.g., SSN and financial information, patient information). For laptops used by OU Health Sciences Center, the presumption is that the device may be used for this purpose and therefore must be encrypted. Students should backup and encrypt laptops. These responsibilities apply to an Approved Personal Devices:
If you need assistance locating the Device Serial Number for your computer, please see this article.
There are no costs associated with this service.
This service is available to OUHSC Students.
IMPORTANT INFORMATION:
Step One: Students must first backup their data. All OU Students are provided with 1TB OneDrive cloud-storage. Step Two: Students must encrypt their hard drives using BitLocker or FileVault. Windows Laptop Encryption: Windows users should use BitLocker to encrypt laptops. Bitlocker is a Windows disk encryption feature, designed to protect data by providing encryption for entire volumes and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices. BitLocker provides maximum protection when used with a Trusted Platform Module (TPM). A TPM is a hardware component installed in many devices and it works with BitLocker to help protect user data and to ensure that a computer hasn't been tampered with while the system is offline. On devices that don't have a TPM, BitLocker can still be used to encrypt the Windows operating system drive. However, this implementation requires the user to insert a USB startup key to start the device or resume from hibernation. An operating system volume password can be used to protect the operating system volume on a computer without TPM. Both options don't provide the pre-startup system integrity verification offered by BitLocker with a TPM. See Turn on native encryption – Windows 10. Macbook Encryption: Macbook users should use FileVault to encrypt laptops. FileVault encodes the data on your startup disk so that unauthorized users can’t access your information. Note: If you have an iMac Pro or another Mac with an Apple T2 Security Chip, the data on your drive is already encrypted automatically. However, turning on FileVault provides further protection by requiring your login password to decrypt your data. *** Important: After you turn on FileVault and the encryption begins, you can’t turn off FileVault until the initial encryption is complete. Encryption can take a long time, depending on the amount of data stored on your computer, but you can continue to use your computer as you normally do. After the encryption process is complete, you can turn off FileVault. If you have an iMac Pro or another Mac with a T2 chip, data on your drive is already encrypted automatically, so FileVault takes less time to complete. See Turn on native encryption – macOS.*** Phone/Tablet Encryption: All iOS devices (iPhones and iPads) have built-in encryption that is activated by simply having a passcode used to unlock the device. Android devices differ by manufacturer; they have encryption capabilities, but for most devices, encryption is not activated automatically. Step Three: Students will be required to complete the Student Encryption Certification Form. This form will collect critical attributes that allow OU IT to maintain HIPAA-compliant inventory of user encrypted personally owned laptops. Step Four: Students must install the Sassafras IT Asset Management agent. The Sassafras agent is a discreet application installed on computers which reports back a full hardware and software inventory. OU IT will then use this information track the status of FileVault or BitLocker encryption.