Introduction
TIP: A short URL (askit.ttu.edu/encryption) is in place which redirects to this content.
Explanation
What is encryption?
Encryption transforms data, keeping it secret so that it can only be accessed by certain individuals (typically protected by a password or encryption key). It is a way to protect your data from being accessed by others. See the information below to find out how different methods of encryption have been implemented at Texas Tech University (TTU).
How encryption is implemented at TTU
Desktop and laptop computers, and some tablets
Disk encryption is the process of encoding the personal or business-sensitive information on your computer's storage disk so that only authorized parties can read it. You should use encryption to keep information private on hard drives, files, and folders. Encryption should be enabled on TTU-owned computers.
Mobile devices, such as smartphones and some tablets
In an effort to prevent accidental disclosure of sensitive data, Information Technology has implemented security features built into mobile devices (iPhone, iPad, Android phone, etc.), that enable encryption and secure passcodes.
Hardware-based full-disk encryption
Hardware-based full-disk encryption is built into the firmware of a hard drive by the manufacturer. A limited number of hard drive manufacturers support hardware-based full disk encryption. Because of recoverability and legal issues, hardware encryption is only recommended for certain highly sensitive applications.
Information Technology has compiled recommendations for hardware-based full disk encryption.
UNIX and Linux computers
A limited number of software vendors provide software-based full-disk encryption for UNIX and Linux platforms. Where available for specific versions of UNIX or Linux, the following features are required:
- FIPS 140-2 certified encryption algorithms
- Pre-boot authentication
- Forced strong password/key
File and folder encryption may be used to satisfy the encryption requirements of the Mobile Computing Policy on UNIX and Linux laptops. In these instances, the following features are required:
- FIPS 140-2 certified encryption algorithms
- Forced strong password/key
Information Technology currently does not support a managed solution for full-disk or file and folder encryption on UNIX and Linux platforms. When using full-disk encryption on UNIX and Linux, decrypted backups of important data should be kept in a secure location.
Backup options
CAUTION: You must establish an ongoing backup plan for your computer and data. In the unlikely event that a problem occurs during the encryption process or drive failure, a backup will be the only mechanism to restore encrypted data. In addition, we strongly recommend storing critical or important files in a separate location from your hard drive.