Campus Computer Encryption

What is Computer Encryption?

The campus computer encryption service provided by ITS protects the contents of your computer's hard drive from unauthorized access due to theft. Encryption is designed to be unobtrusive and transparent.

Your system drive will be encrypted and a recovery key stored centrally so we can help unlock your drive in the event of a malfunction.

This service includes:

  • Encryption consultation and preparation
  • Drive encryption
  • Recovery key escrow (Provided by Sophos SafeGuard or JAMF)
  • Assistance with accessing a computer encrypted with this service
  • Assistance with any problems related to your computer encryption

Background Encryption: The drive encryption process occurs in the background after the consultation/package installation and can take anywhere from 2 - 8 hours depending on hardware. The computer can be used normally during background encryption -- shutdown and restart will not affect the process as it will automatically resume.

What is Key Escrow?

ITS provides the service of securely transferring and storing your recovery information that is created when your computer is encrypted. This is a transparent process and your recovery information is only accessed in a recovery scenario.

Backup

ITS recommends that you backup critical data before encrypting your computer.

Selecting your encryption option:


  1. Managed Encryption (UCSC owned devices)
  2. Manual Encryption with Key Escrow (Personally owned devices)
  3. Manual Encryption without Key Escrow (Only option with Linux support)

Managed Encryption (UCSC owned devices)

This option is the easiest for the standard user. Once you fill out a service request, you will get a full consultation for campus computer encryption based on your location and support needs. A technician will be in contact with you shortly.

Fill out the Campus Computer Encryption Service Request

Manual Encryption with Key Escrow

This self-service option allows for you to download packages, prepare your computer for encryption, and securely transmit your key to our servers for safe keeping (Key Escrow provided by SafeGuard). Recommended for personally owned devices. 

What is Sophos SafeGuard?

Sophos SafeGuard provides the secure transportation of recovery keys from the client computer to our central servers. It provides a centralized helpdesk for recovery on both Mac and Windows computers. This service does not support Linux computers, please go here for help

Process:

  1. Download appropriate package for your Operating System (OS) - Encryption Downloads
  2. Prepare your computer if necessary (Windows only) - Managing TPM for Windows
    • You'll see additional settings on this page, follow them for the best encryption experience.
  3. Install the package
    • Admin rights on your computer are required to install these packages.
    • Please make sure to have a strong Internet connection from campus with Ethernet (wired).
    • Record your computer name in case you need help in the future, we use this information to find your computer in the recovery database.

Finding your computer name:

ITS will use your computer name information to find your computer in the recovery database.

  • Windows
    • Windows 7
      • Open System by clicking the Start button.
      • Right-click on Computer, and then clicking Properties.
      • Under Computer name, domain, and workgroup settings, you can find your computer name, and its full computer name if your computer is on a domain.
    • Windows 10
      • Click Start
      • Type "Settings" and select the result
      • A new window will pop-up, select "System"
      • On the bottom left, select "About"
      • Find "Device name"
  • Mac
    • Select the Apple icon on the top-left of your screen
    • Select "System Preferences..."
    • Select the "Sharing" preferences
    • "Computer Name" is at the top

Manual Encryption without Key Escrow

This option is completely self-service and you are opting out of assistance with setting up encryption. For personally owned devices. We have basic instructions on how to enable encryption per OS (including Linux). With this option, you will NOT have a key escrow service, so you will be responsible for your recovery key and ITS will NOT be able to assist you in regaining access to your data in the event of a forgotten password. This option is not recommended by ITS.

Process:


 Service Exceptions

We are currently not offering encryption for:

  • Kiosk computers
  • Macs running Windows natively (via Boot Camp)
  • Windows 7 Professional Edition - See this link

Macs running Windows via virtualization can be encrypted. When a Mac drive is encrypted, any Windows virtual machine drive on the Mac's encrypted disk is encrypted as well.

What does it cost?

ITS provides consultation, Sophos Safeguard key escrow, and support for the Campus Computer Encryption service at no charge.

Get help without submitting a ticket (Online resources)

More information about Mac FileVault encryption

More information about Windows Bitlocker encryption

How do I get help for encryption-related issues?

If you have a problem with Desktop Encryption, contact ITS for assistance:

Phone: (831) 459-4357
Web: https://ucsc.service-now.com/navpage.do
Service: Desktop Services
Sys/App: Computer Encryption