Skip to content Skip to site navigation

Partners protecting against data loss and theft

IT Services helps School of Medicine encrypt thousands of devices
Wednesday, April 24, 2013

Secured mobile devices at Stanford School of Medicine

In November 2012, the School of Medicine launched a major data security project with the goal to encrypt all computers containing, or having access to, Restricted or Prohibited Data (including Protected Health Information PHI). The School’s leaders asked IT Services to help their staff tackle this daunting task.

IT Services responded quickly, devoting a large number of staff resources on short notice:

  • The Computer Resource Consulting (CRC) unit developed a way of quickly backing up computers, encrypting them with Stanford Whole Disk Encryption (SWDE), and returning them to their owners, as well as imaging replacement computers provided by the School of Medicine (over a thousand computers too old to encrypt had to be replaced). The group hired and managed 25+ contractors for the hands-on work of encrypting the laptops.
  • The Endpoint Team in the Infrastructure Delivery Group (IDG) built applications to inventory devices and users and to back up systems prior to encryption. They also customized tools and added enforcement mechanisms to assist in the management of the encryption effort.
  • The Application Support group developed a method for batch-creating HelpSU requests based on information pulled from the BigFix security, patch, and power management system.
  • Staff from across IT Services’ Client Support division served as “greeters” at the Laptop Drop-Off Encryption Depot, while others handled thousands of HelpSU and email requests.

The results were impressive. Through March 11, the School:

  • replaced and encrypted over 3,000 older laptops;
  • encrypted 5,412 computers which handle PHI (and 6,199 computers overall);
  • backed up 5,872 computers using CrashPlan as the School-wide enterprise solution; and
  • protected 3,526 mobile devices with IT Services’ Mobile Device Management solution.

In mid-March, the School moved into a “desktop phase.” IT Services scaled back its widespread cross-team involvement, but staff from our CRC and IDG groups continue to support the project.

IT Services staff devoted hundreds of staff hours to this critical effort to protect institutional data, helping to establish a model for collaborative problem solving. Our staff came away with many valuable lessons to apply in the future, as it’s likely that other Stanford units will decide to encrypt all mobile devices (laptops, tablets, smart phones).

Share Feedback

DISCLAIMER: UIT News is accurate on the publication date. We do not update information in past news items. We do make every effort to keep our service information pages up-to-date. Please search our service pages at uit.stanford.edu/search.