Campus faculty and staff members who work with University restricted data, such as personally identifiable information (PII), confidential student records, health records, or sensitive research data, may have a need to securely store and access the data on their local workstations. System and Network Security (SNS) recommends storing restricted data on secure, centralized file servers whenever possible [1]. However, if the data must be stored on local workstations, it should be encrypted to prevent unauthorized access should the system be lost or stolen. This is especially important for laptops and other portable systems vulnerable to loss or theft.
Users and administrators may have concerns about whether encrypted data can be recovered if the original key used to encrypt the data is lost. To help alleviate these concerns, and to comply with UC policies (IS-3) regarding the recovery of campus data [2], IST offers two free encryption services with data recovery to the campus community:
- Pointsec for PC. This is a "full disk" encryption software package that requires a password on system startup to unlock the encrypted disks. If the user loses this password, SNS will provide password recovery services as well as full disk decryption should the system become unbootable.
- Encrypting File System (EFS) managed through CalNetAD. For workstations managed through the CalNet Active Directory, we provide automatic key enrollment and data recovery services should the user's EFS key become lost.
Both of these services are now in production and available to the campus community. To get started, email with an explanation of your encryption needs. For more information, see:
- Encryption and Restricted Data
- Getting Started with Pointsec for PC
- Key Management for Encrypting File System [PDF]
For systems where centralized data recovery is not required, the following articles offer encryption advice:
Please contact if you have any questions about how to use encryption technologies for your campus data.
Notes
[1] For coordination of your service needs in acquiring secure, centralized file server space from IST, contact the Technical Account Management (TAM) team, or visit the TAM website.
[2] UC Business and Finance Bulletin IS-3 Electronic Information Security [PDF].