Many groups at Emory handle sensitive information as part of their daily business.To best protect sensitive information handled at Emory, the institution has created a disk encryption policy, evaluated and selected a disk encryption product (PGP Whole Disk Encryption), negotiated a volume license agreement with PGP and deployed a central management service for the product.
The volume license agreement allows Emory departments to purchase PGP Whole Disk Encryption perpetual licenses for $45.50 per seat.This license includes the ability to centrally manage the software using the PGP Universal Server deployed by Emory.
The PGP WDE product provides encryption for boot disks for both Windows and Mac OS X (10.5 - 10.6), as well as the ability to encrypt removable drives, encrypt zip files, and securely delete files.These features can be enabled or disabled by policy so departments can control what forms of encryption are used in their deployments.
The PGP Universal Server provides a mechanism to apply software configuration policy to groups of computers, as well as providing a safety mechanism that allows for system access if the disk encryption password is forgotten.
To get started testing and deploying PGP WDE, contact OIT security via a support ticket, email email@example.com or call 404-727-6666.
Current PGP version: 10.2 MP5
PGP clients may be downloaded from TechTools.
If you are running Mac OS 10.7 or 10.8, you may use FileVault as an alternative to PGP IF you also use Emory's FileVault Management Tool. Running FileVault without the management tool is not sufficient to comply with the policy. For more information, please see this knowledgebase article. Users with Mac OS X 10.5 and 10.6 must use PGP Whole Disk Encryption.
|Operating System||PGP||FileVault 2|
|Max OS 10.5 (Leopard)||X|
|Mac OS 10.6 (Snow Leopard)||X|
|Mac OS 10.7 (Lion)||X|
|Mac OS 10.8 (Mountain Lion)||X|
Those deploying and managing PGP software or FileVault are invited to subscribe to the PGP-USERS-L listserv to get updates and participate in deployment discussions.
Recovery CD ISOs are also located in the program folder of any PGP installation. Be sure that you use the recovery CD that matches the version installed on the system.
Some USB thumbdrives are specifically designed to address the concerns of storing sensitive information by using built-in hardware encryption. These drives are more expensive, but much cheaper than dealing with the repercussions of losing sensitive information. For situations where it is necessary to store sensitive information on a thumbdrive, Emory's Office of Information Technology has approved both IronKey Personal USB thumbdrives and Kingston Data Traveler Vault - Privacy Edition thumbdrives for this purpose. These drives use hardware-based encryption, ensuring that all data stored on the drive is encrypted. This removes doubts of whether encryption software was installed and configured correctly, and if a particular drive was encrypted when it was lost. No other thumbdrives are approved for storing sensitive Emory data.
See the table below for direct links to specific products through CDWG for institutional purchases.
|Product||Capacity||Price without Emory discount
(as of 08-23-12)
|IronKey Personal D200 - 4 GB||4GB||$111.72||http://www.cdwg.com/shop/products/default.aspx?EDC=1909888|
|IronKey Personal D200 - 8 GB||8GB||$142.63||http://www.cdwg.com/shop/products/default.aspx?EDC=1909889|
|IronKey Personal D200 - 16 GB||16GB||$224.43||http://www.cdwg.com/shop/products/default.aspx?EDC=1948440|
|IronKey Personal D200 - 32 GB||32GB||$336.15||http://www.cdwg.com/shop/products/default.aspx?EDC=1949150|
|Kingston DataTraveler Vault - Privacy Edition 4GB
|Kingston DataTraveler Vault - Privacy Edition 8GB
|Kingston DataTraveler Vault - Privacy Edition 16GB
|Kingston DataTraveler Vault - Privacy Edition 32GB||32GB||$159.59||http://www.cdwg.com/shop/products/default.aspx?EDC=1628972|