Partners protecting against data loss and theft
In November 2012, the School of Medicine launched a major data security project with the goal to encrypt all computers containing, or having access to, Restricted or Prohibited Data (including Protected Health Information PHI). The School’s leaders asked IT Services to help their staff tackle this daunting task.
IT Services responded quickly, devoting a large number of staff resources on short notice:
- The Computer Resource Consulting (CRC) unit developed a way of quickly backing up computers, encrypting them with Stanford Whole Disk Encryption (SWDE), and returning them to their owners, as well as imaging replacement computers provided by the School of Medicine (over a thousand computers too old to encrypt had to be replaced). The group hired and managed 25+ contractors for the hands-on work of encrypting the laptops.
- The Endpoint Team in the Infrastructure Delivery Group (IDG) built applications to inventory devices and users and to back up systems prior to encryption. They also customized tools and added enforcement mechanisms to assist in the management of the encryption effort.
- The Application Support group developed a method for batch-creating HelpSU requests based on information pulled from the BigFix security, patch, and power management system.
- Staff from across IT Services’ Client Support division served as “greeters” at the Laptop Drop-Off Encryption Depot, while others handled thousands of HelpSU and email requests.
The results were impressive. Through March 11, the School:
- replaced and encrypted over 3,000 older laptops;
- encrypted 5,412 computers which handle PHI (and 6,199 computers overall);
- backed up 5,872 computers using CrashPlan as the School-wide enterprise solution; and
- protected 3,526 mobile devices with IT Services’ Mobile Device Management solution.
In mid-March, the School moved into a “desktop phase.” IT Services scaled back its widespread cross-team involvement, but staff from our CRC and IDG groups continue to support the project.
IT Services staff devoted hundreds of staff hours to this critical effort to protect institutional data, helping to establish a model for collaborative problem solving. Our staff came away with many valuable lessons to apply in the future, as it’s likely that other Stanford units will decide to encrypt all mobile devices (laptops, tablets, smart phones).