OIT offers and supports PGP software and licenses to faculty and staff for whole disk encryption.
EFS (Windows 2000 and later)
Windows 2000 and later include an encryption feature called Encrypted File System (EFS), which can be used to encrypt information at the file, folder or disk level. It can leverage Active Directory for storing user encryption keys.
BitLocker (Windows Vista)
Windows Vista Enterprise and Ultimate editions include a disk encryption tool called BitLocker, which is designed to work together with a Trusted Platform Module (TPM) hardware chip in a computer. It uses a separate boot partition and encrypts the primary system partition. It can leverage Active Directory for storing disk restore keys.
FileVault (Mac OS X 10.3 and later)
Apple OS X versions 10.3 and higher include a tool called FileVault for encrypting a user’s home directory. It uses the user’s normal login password, providing seamless access, and allows the computer administrator to set a “master password” in case a user forgets their password.
Different Linux distributions may come packaged with various encryption tools, most commonly forms of GnuPG (an open-source implementation of PGP-style encryption). Check with your Linux distribution provider to see what encryption tools are included, and check the encryption software section below for products with Linux versions.
Hard drives with encryption
Storage companies are beginning to ship hard drives with hardware encryption built in. This means the hard drive itself can encrypt information as it writes it to the drive and decrypt it as it reads the information. This technology is expected to grow quickly and surpass software encryption in popularity for whole disk encryption functions. A small number of USB thumb drives include hardware encryption (a number of them advertise encryption, but simply come packaged with basic encryption software).
Trusted Platform Modules (TPM chips)
Trusted Platform Modules are chips in some computers that allow for hardware-level management of some security functions, including encryption. Purchasing a computer with a TPM chip does not, on its own, provide any protection, although some computer vendors package security software with the computer that can leverage the TPM. Different products may use TPM chips in different ways and have different requirements for TPM chip versions. If you are planning on using software that leverages a TPM chip, you should verify the specific hardware requirements.
Utimaco/SouthSeas (State pricing agreement)
The State of Colorado has established a state-wide pricing agreement that allows state agencies to purchase Utimaco encryption software through the SouthSeas reseller at a discounted rate. The agreement covers the following suite of encryption products for Windows 2000/XP/2003:
These applications provide whole disk encryption, single file/folder encryption, multi-user file encryption, encryption of information on PDAs and other functions.
PointSec provides a widely recognized set of encryption software which is particularly popular in government and financial markets. They are most commonly associated with whole disk encryption, but provide additional encryption functions.
MS Office and OpenOffice
MS Office 2003/2007 and OpenOffice 2 both include strong encryption capabilities that password protect individual files. For MS Office 2003, a default setting must be changed to provide robust encryption.
Through version 2004, MS Office for OS X does not provide sufficiently strong encryption for documents. ITS does not recommend that users rely on MS Office for OS X as their encryption layer to protect highly confidential data.
TrueCrypt is a free, open-source encryption application for Windows and Linux that provides strong encryption. It is appropriate for individual users who wish to encrypt a set of files or a removable drive. TrueCrypt supports several encryption algorithms and uses passwords and/or key files to lock the encrypted information.