PGP Encryption Information

Whole Disk Encryption

Symantec Corporation (the provider of our current full disk encryption software, Symantec Endpoint Encryption) has released a new version of its whole disk encryption software. This software is powered by PGP technology that has been in existence since 1991 and has a proven track record for securing data. The code for this version of the encryption software is completely different from previous versions that have been used by the University of Louisville. This new software offers better performance and compatibility than other encryption solutions.

This software is not compatible with previous versions of Guardian Edge or Symantec Endpoint Encryption. Existing Guardian Edge and Symantec Endpoint Encryption installations will no longer be supported after June 2015. Decrypting and removing existing installations of the older software versions will be required before upgrading. All new laptops owned by the university will need to have this current version of Symantec Encryption Desktop.

Download the System Requirements for Symantec Encryption Desktop (PDF).

Users who are currently running a version of Guardian Edge or Symantec Endpoint Encryption will need to contact their tech support personnel to upgrade to the latest version of the software before June 2015.

For Mac users, please see the instructions for enabling FileVault for full disk encryption requirements. Click here for FileVault setup instructions.

Review the Known Issues with this software before proceeding with installation.

Please visit the IT store web site to download the new encryption client software.

Installation instructions are included with the client download. They can also be downloaded here:

Symantec Encryption Desktop Install Instructions

Additional setup steps will need to be taken to enable local administrator accounts on machines that are running PGP. Instructions for adding local accounts to the PGP login can be found here.

It is important to note the distinction between "Symantec Endpoint Encryption (old)" and "Symantec Encryption Desktop (PGP) (new)".

Why use encryption?

Whole disk encryption ensures that if a university-owned laptop is stolen or lost, the information on the laptop is secure and will not be accessed by anyone without the proper credentials. Basic Windows passwords can easily be cracked, and information that is not encrypted can easily be stolen if a laptop falls into the wrong hands. When laptops are stolen, the first question asked by security personnel will be "Was the laptop encrypted?" There is little to no performance degradation when utilizing this software, and this software can offer peace of mind concerning sensitive data on the go. All laptops owned by the University of Louisville need to have encryption software installed to protect information stored on them. The provost announced that all applicable university devices must have encryption software installed. That announcement can be found here. UL Today also published an article about using whole disk encryption that can be found here.

Whole Disk Encryption Improvements

This new software offers several benefits over Symantec Endpoint Encryption.

Full solid-state drive (SSD) and Windows 8/8.1 support. The older versions of the software will never have SSD or Windows 8/8.1 support.

Full support for computers with UEFI secure BIOS. Many hardware manufacturers are moving toward this technology. The old encryption client is not compatible with this technology.

AES-NI hardware support. Computers that contain processors with AES-NI capabilities will see better performance with Symantec Encryption Desktop than with Symantec Endpoint Encryption. Some manufacturers may disable this in the BIOS. Consult manufacturer documentation for enabling this feature. Currently supported on Intel Westmere, Sandy Bridge, and Ivy Bridge based processors (except Core i3) and AMD Bulldozer, Piledriver and Jaguar based processors.

Support for Single Sign-On (SSO) with Windows clients. The encryption software synchronizes with Active Directory passwords, so users no longer need to remember a separate password to log in to the encryption software. Once the user logs in at the encryption pre-boot screen, the Windows login is completed automatically. When Active Directory passwords are changed, they will sync automatically to the encryption software.

The disk encryption process can be throttled for better working performance during the initial encryption process.

A list of other universities that require encryption software to be used can be found here.