Campus Computer Encryption

What is Computer Encryption?

The campus computer encryption service provided by ITS protects the contents of your computer's hard drive from unauthorized access due to theft. Encryption is designed to be unobtrusive and transparent.

Your system drive will be encrypted and a recovery key stored centrally so we can help unlock your drive in the event of a malfunction.

This service includes:

  • Encryption consultation and preparation
  • Drive encryption
  • Recovery key escrow
  • Assistance with accessing a computer encrypted with this service
  • Assistance with any problems related to your computer encryption

Background Encryption: The drive encryption process occurs in the background after the consultation/package installation and can take anywhere from 2 - 8 hours depending on hardware. The computer can be used normally during background encryption -- shutdown and restart will not affect the process as it will automatically resume.

What is Key Escrow?

ITS provides the service of securely transferring and storing your recovery information that is created when your computer is encrypted. This is a transparent process and your recovery information is only accessed in a recovery scenario.


ITS recommends that you backup critical data before encrypting your computer.

Selecting your encryption option:

  1. Managed Encryption (UCSC owned devices)
  2. Manual Encryption with Key Escrow (Personally owned devices)

Managed Encryption (UCSC owned devices)

This option is the easiest for the standard user. Once you fill out a service request, you will get a full consultation for campus computer encryption based on your location and support needs.

SlugHub: Submit a request for Campus Computer Encryption Service

Manual Encryption with Key Escrow

This self-service option allows for you to download packages, prepare your computer for encryption, and securely transmit your key to our servers for safe keeping (Key Escrow provided by Sophos Central). Recommended for personally owned devices. 

What is Sophos Central?

Sophos Central provides the secure transportation of recovery keys from the client computer to our secure Sophos Central console. It provides a centralized helpdesk for recovery on both Mac and Windows computers. This service does not support Linux computers, please go here for help


  1. Download appropriate package for your Operating System (OS) - Encryption Downloads
  2. Prepare your computer if necessary (Windows only) - Managing TPM for Windows
    • You'll see additional settings on this page, follow them for the best encryption experience.
  3. Install the package
    • Admin rights on your computer are required to install these packages.
    • Please make sure to have a strong Internet connection from campus with Ethernet (wired) or a non-restricted Wifi connection(eduroam works). Please avoid using a vpn connection as this can affect the way macOS computer names are recorded in our servers. The communication to our servers is already encrypted. 
    • Record your computer name in case you need help in the future, we use this information to find your computer in the recovery database.

Finding your computer name:

ITS will use your computer name information to find your computer in the recovery database.

  • Windows 10
    • Click Start
    • Type "About Your PC" and select the result
    • A new settings window will open called "About"
    • "Device name" is shown at the top of the window under "Device Specifications"

  • Mac
    • Select the Apple icon on the top-left of your screen
    • Select "System Preferences..."
    • Select the "Sharing" preferences
    • "Computer Name" is shown at the top of the window

Service Exceptions

We do not offer encryption for:

  • Kiosk computers
  • Macs running an OS version prior to macOS 10.14
  • Intel Macs running Windows natively (via Boot Camp)
  • Windows 7

Macs running Windows via virtualization can be encrypted. When a Mac drive is encrypted, any Windows virtual machine drive on the Mac's encrypted disk is encrypted as well.

What does it cost?

ITS provides consultation, key escrow, and support for the Campus Computer Encryption service at no charge.

Get help without submitting a ticket (Online resources)

More information about Mac FileVault encryption

More information about Windows Bitlocker encryption

How do I get help for encryption-related issues?

If you have a problem with Desktop Encryption, contact ITS for assistance:

Phone: (831) 459-4357
Service: Desktop Services
Sys/App: Computer Encryption