Mobile Device Encryption

 

In accordance with new UBC regulations, it is now mandatory for all laptops and mobile devices (including personal and UBC-funded equipment that deal with UBC data) to be encrypted.

Full-disk encryption is available for faculty and staff-owned computer hard drives (and other mobile devices such as USB keys and flash drives). Encryption helps prevent unauthorized access to data such as Personal Information (PI) and mitigates risks associated with physical loss or theft. UBC IT supports McAfee Whole Disk Encryption (WDE) for all Windows and Mac computers and Symantec PGP for Linux devices.

Encryption is provided at no cost for the protection of UBC confidential or sensitive data stored on devices used by faculty or staff for university business.

Encryption Services Description

McAfee WDE (Whole Disk Encryption)

McAfee WDE software provides full disk encryption for laptops and mobile devices. Full disk encryption helps prevent the loss of sensitive data, especially in the event of lost or stolen equipment. Advantages of using McAfee WDE include:

  • Enforcing strong access control with pre-boot authentication
  • Enabling transparent encryption without hindering users or system performance
  • Ensuring consistent protection across all devices

McAfee MNE (Management of Native Encryption)

McAfee MNE manages various functions of Apple’s Native FileVault2 and Microsoft’s BitLocker encryption package. These include:

  • Managing the encryption state of FileVault2 and BitLocker
  • Key Escrow (stores recovery key securely on the McAfee server)
  • Tier 1 recovery
  • Password Policy Management
  • Reporting on encryption state

McAfee Encrypted USB

McAfee’s USB Encryption extends security to the mobile environment by safeguarding data copied and transported on portable USB storage devices. Features include:

  • Providing the highest levels of encryption (AES-256) and certifications (FIPS 140-2)
  • Providing data mobility without compromising security policies
  • Controlling data access with strong, two-factor authentication
  • Tracking and managing encrypted USB storage devices on a company-wide scale with ePO for Password Recovery.

Who Can Use This?

McAfee Whole Disk Encryption and Symantec PGP Whole Disk Encryption are available for installation on UBC-provided hardware for faculty and staff.

Technical Requirements
  • A Campus-Wide Login (CWL) account
  • For McAfee – Windows 7 and above, Mac OSX 10.8.2 and above.
  • For Symantec – please contact UBC Central IT Help Desk for more information.

 

Encrypting UBC Owned Devices

For a device purchased with UBC funds Botany IT will take care of enabling encryption on it and file the official encryption registration. Please contact us to arrange a time to drop the device off with us.

Encrypting Personally Owned Devices

Windows

Please follow Microsoft’s instructions to enable Windows 10 BitLocker (Pro and Enterprise edition).┬áIf encounter any issues while attempting to follow the instructions please contact us to arrange a time for us to look at the device.

https://www.windowscentral.com/how-use-bitlocker-encryption-windows-10

MacOS

Please follow Apple’s instructions to enable FileVault. If encounter any issues while attempting to follow the instructions please contact us to arrange a time for us to look at the device.

https://support.apple.com/en-ca/HT204837

Ubuntu Linux

Please follow the instructions on the Ubuntu community forums to encrypt your device. There are also instructions to encrypt just your home folder on howtogeek.com.