Encryption Deadlines Approaching
Earlier this year, campus-wide messages from the Vice President for Business Affairs and from the Chief Information Security Officer spelled out the deadlines for encrypting all computers used by Stanford employees for Stanford business. As those deadlines get closer, University IT is developing tools to help every department get their machines safely encrypted before time runs out.
First things first: are your department's computers backed up? Frequent backups are a good practice for all sorts of reasons, but they're especially important to have in place before starting to encrypt a computer's hard drive. The encryption process goes smoothly 99% of the time, but every computer's data should be backed up to guard against those rare occasions when there's a problem. University IT provides the CrashPlan PROe backup service at a flat $5/month per person, with unlimited storage for up to four devices. CrashPlan PROe supports Windows, Mac OS X, Linux, iOS, Android, Windows Phone, and Solaris and is approved for use with all classifications of Stanford data. If your department doesn't have a suitable backup plan or would like to switch to one with central support, University IT is ready to help. Visit CrashPlan PROe Backup.
The encryption deadline for some computers is only a few weeks away (and for the rest, only a few months), so the time to start preparing is now. If your department hasn't already begun the process, contact the Information Security Office and they'll help you get started. If there are critical research computers that aren't capable of encryption, a temporary exception can be requested through the Information Security Website.
Encrypting all those computers is a big job, so to make sure no machines slip through the cracks, University IT and local IT staff will be deploying the Stanford Device Identification app on each computer. The app asks each user who they are and then a few questions about how the computer is used. The answers will be sent to a Device Registry that will generate reports to help users, local IT staff, and managers keep track of which machines still need their attention. University IT will provide tools to automate the encryption process and to configure any special settings that might be necessary for the classifications of data the machines will store.
In the spring, University IT will start sending notifications to users of the (hopefully few) computers that are still unencrypted and don't have a formal exception. If we start tackling the bulk of computers now, this cleanup phase can be complete before the final deadline of May 31, 2015.
For more information on the endpoint encryption initiative, see the Information Security Website.