Disk Encryption

Many groups at Emory handle sensitive information as part of their daily business.To best protect sensitive information handled at Emory, the institution has created a disk encryption policy, evaluated and selected a disk encryption product (PGP Whole Disk Encryption), negotiated a volume license agreement with PGP and deployed a central management service for the product.

The volume license agreement allows Emory departments to purchase PGP Whole Disk Encryption perpetual licenses for $45.50 per seat.This license includes the ability to centrally manage the software using the PGP Universal Server deployed by Emory.

The PGP WDE product provides encryption for boot disks for both Windows and Mac OS X (10.5 - 10.6), as well as the ability to encrypt removable drives, encrypt zip files, and securely delete files.These features can be enabled or disabled by policy so departments can control what forms of encryption are used in their deployments.

The PGP Universal Server provides a mechanism to apply software configuration policy to groups of computers, as well as providing a safety mechanism that allows for system access if the disk encryption password is forgotten.

To get started testing and deploying PGP WDE, contact OIT security via a support ticket, email security@emory.edu or call 404-727-6666.

Current PGP version: 10.2 MP5

PGP clients may be downloaded from TechTools.

**NEW** 

If you are running Mac OS 10.7 or 10.8, you may use FileVault as an alternative to PGP IF you also use Emory's FileVault Management Tool. Running FileVault without the management tool is not sufficient to comply with the policy. For more information, please see this knowledgebase article. Users with Mac OS X 10.5 and 10.6 must use PGP Whole Disk Encryption.

Encryption Compatibility Matrix

Documentation

• Emory disk encryption policy
• Getting started with Emory PGP for local IT support
• Emory PGP license policy FAQ
• PGP WDE Installation documentation for Windows (v10)
• PGP WDE Installation documentation for Mac OS X
• Basic PGP training slides for local IT support (PDF)
• PGP forgotten password recovery process
• PGP operating system repair process
• Local IT support training announcement (PDF, Jan 2010)
• PGP WDE for Windows Quickstart guide (PDF) - from Symantec/PGP
• PGP WDE for Mac OS X Quickstart guide (PDF) - from Symantec/PGP
• Emory FileVault Management Tool - Only for Mac OS X 10.7 (Lion) and above

Disk Encryption Listserv

Those deploying and managing PGP software or FileVault are invited to subscribe to the PGP-USERS-L listserv to get updates and participate in deployment discussions.

PGP recovery CD ISOs (direct from Symantec)

• PGP 10.1 Windows recovery CD ISOs
• PGP 10.2 Windows recovery CD ISOs
• Mac recovery CD ISOs

Recovery CD ISOs are also located in the program folder of any PGP installation. Be sure that you use the recovery CD that matches the version installed on the system.

Encryption of USB Thumbdrives

Some USB thumbdrives are specifically designed to address the concerns of storing sensitive information by using built-in hardware encryption.  These drives are more expensive, but much cheaper than dealing with the repercussions of losing sensitive information.  For situations where it is necessary to store sensitive information on a thumbdrive, Emory's Office of Information Technology has approved both IronKey Personal USB thumbdrives and Kingston Data Traveler Vault - Privacy Edition thumbdrives for this purpose.  These drives use hardware-based encryption, ensuring that all data stored on the drive is encrypted.  This removes doubts of whether encryption software was installed and configured correctly, and if a particular drive was encrypted when it was lost.  No other thumbdrives are approved for storing sensitive Emory data.

See the table below for direct links to specific products through CDWG for institutional purchases.