PGP Encryption Information
Whole Disk Encryption
Symantec Corporation (the providers of our current full disk encryption software, Symantec Endpoint Encryption) has released a new version of its whole disk encryption software. This software is powered by PGP technology that has been in existence since 1991, and has a proven track record for securing data. The code for this version of the encryption software is completely different from previous versions that have been used by the University of Louisville. This new software allows for better performance and compatibility over other encryption solutions.
This software is not compatible with previous versions of Guardian Edge or Symantec Endpoint Encryption. Existing Guardian Edge and Symantec Endpoint Encryption installations will no longer be supported after June 2015. Decrypting and removing existing installations of the older software versions will be required before upgrading. All new laptops owned by the university will need to have this current version of Symantec Encryption Desktop.
View this article for more information
Where Can I Get The Software?
Please visit the IT store web site to download the new encryption client software.
Please read through the documents below - "Useful Documentation" as there are several steps that must be taken before installing the software.
Additional setup steps will need to be taken to enable local administrator accounts on machines that are running PGP.Instructions for adding local accounts to the PGP login can be found here.
It is important to note the distinction between "Symantec Endpoint Encryption (old)" and "Symantec Encryption Desktop (PGP) (new)"
Can I Send Encrypted Email
Yes. The University offers a free service that can encrypt email that contains sensitive data. Please visit the Send Secure Email site for more information.
What About Apple Computers?
Please see the instructions for enabling FileVault for full disk encryption requirements. Click here for FileVault setup instructions.
After FileVault is installed, and agent can be installed alongside of FileVault. This agent will synchronize the FileVault recovery information to the Symantec Encryption Server. In the event of a system malfunction, Information Technology can use this information to assist in accessing the encrypted data.
FileVault uses strong AES 128-bit encryption to protect your data. FileVault comes standard with all modern versions of Apple OSX - the operating system shipped with every Apple computer.
Frequently Asked Questions
The documents below will help you prepare for the installation of the PGP Whole Disk Software on your computer.
Installing whole disk encryption software on a computer is likely the most intense process that the hard drive will have to complete. Therefore, it is a good idea to perform several tasks before installing the software to be sure that the drive is healthy, and that you are not encrypting useless data that can be deleted before starting the process.
The encryption checklist shows the steps that need to be taken to ensure a successful installation of the encyrption.
The disk cleanup utility included with Windows 7 and 8/8.1 will remove data from your hard drive that is no longer needed. This process may help improve the performance of your system, and will be beneficial as you will not be encrypting unnecessary data.
As time goes on, the data on a hard drive will become scattered, and device performance may suffer. Running a disk defragment will help improve system performance. The encryption software will benefit from having an uncluttered, defragmented hard disk before starting the installation.
If your computer is attached to the university domain, you receive updates for the Windows operating system automatically every month. However, there may be device drivers that are specific to the make and model of the computer you are using that should be updated before proceeding with the encryption installation.
Older versions of the encryption software provided by the university may already be present on your computer. In these cases you will need to contact your tech support personnel to assist in removing the software before installing PGP Whole Disk Encryption. You also need to verify that "Bitlocker" - the encryption product provided by Microsoft Windows, is not already installed.
As mentioned previously, encrypting your hard drive is likely the most work your hard drive ever do in a short period of time. The encryption process will likely expose any weaknesses that your hard drive may have. Device failure is a rare occurance, but does happen. Backing up your data before starting the process will ensure that your valuable data is not lost in the event of a failure. Most of the data you store on your computer is likely stored in the "User Profile" folder. This will contain items that are on your desktop, in your "Documents" folder, your download folder, and others. Unless you have critical files outside of those common locations, backing up your User Profile will cover backing up your valuable data.
How to Use "WASP" Inventory Application
All computer equipment must be stored in the WASP Inventory application. This will ensure that all computer equipment inventory is stored in one location and will assist in tracking the progress of the encryption project
Why use encryption?
Whole disk encryption ensures that if a university owned computer is stolen or lost, the information on the computer is secure, and will not be accessed by anyone without the proper credentials. It is important that University of Louisville personnel storing sensitive information such as Protected Health Information (PHI), Personally Identifiable Information (PII), or research data, protect their machines and data with whole disk encryption software.
Basic Windows passwords can easily be cracked and information that is not encrypted can easily be stolen if a computer falls in to the wrong hands. When laptops are stolen, the first question asked by security personnel will be "Was the laptop encrypted?" There is little to no performance degradation when utilizing this software, and this software can offer peace of mind concerning sensitive data, particularly data on the go. All computers owned by the University of Louisville need to have encryption software installed to protect information stored on them.
The provost announced that all applicable university devices must have encryption software installed. That announcement can be found here.
UL Today also published an article about using whole disk encryption that can be found here.
Download the System Requirements for Symantec(PDF) Encryption Desktop.
- Windows 8/8.1 (32 and 64-bit editions are supported)
- Windows 7 (all 32 and 64-bit editions are supported)
- Windows Vista (all 32 and 64-bit editions are supported)
Whole Disk Encryption Improvements
This new software offers several benefits over Symantec Endpoint Encryption.
Full Solid-State drive and Windows 8/8.1 support. The older versions of the software will never have SSD or Windows 8/8.1 support.
Full support for computers UEFI secure BIOS. Many hardware manufacturers are moving toward this technology. The old encryption client is not compatible with this technology.
AES-NI hardware support. Computers that contain processors with AES-NI capabilities will see better performance with Symantec Encryption Desktop than with Symantec Endpoint Encryption. Some manufacturers may disable this in the BIOS. Consult manufacturer documentation for enabling this feature. Currently supported on Intel Westmere, Sandy Bridge, and Ivy Bridge based processors (except Core i3) and AMD Bulldozer, Piledriver and Jaguar based processors.
Support for Single Sign On (SSO) with Windows clients. The encryption software synchronizes with Active Directory passwords. No longer will it be required to remember a separate password to log in to the encryption software. Once the user logs in to the encryption pre-boot screen, the Windows login is completed automatically. When Active Directory passwords are changed, they will sync automatically to the encryption software.
The disk encryption process can be throttled for better working performance during the initial encryption process.
A list of other universities that require encryption software to be used can be found here.
Review the Known Issues with this software before proceeding with installation.