Skip to content Skip to site navigation Skip to service navigation

Encrypt Without Using SWDE

Overview

For those who would like to encrypt now without using Stanford Whole Disk Encryption (SWDE), you have the option of checking to see if your system is encryption-ready and activating the native encryption on your own. After extensive experience with third party encryption products, the University standardized on using the native encryption functionality provided by the operating system vendors (i.e., FileVault 2 for Mac OS X and BitLocker for Windows). We found these built-in encryption capabilities to be the most stable and best performing of the available options.

On Macintosh systems, native encryption is entirely transparent once enabled.  On Windows systems, the only noticeable difference is the need to enter another password of your choosing upon booting. Some older Macintosh and Windows systems may need to be upgraded in order to be encryption capable, and your local IT staff can help you in those cases. The Information Security Office has a process for you to request an exception from the encryption requirement for research computers that are not yet capable of efficient encryption.

Before you begin

IMPORTANT:

  • On rare occasions during the encryption process, disk failures have been known to occur, resulting in data loss or corruption. For this reason as well as being a general best practice, you are strongly encouraged to back up your files beforehand. ITS Code 42 CrashPlan provided by University IT is the recommended backup service and is widely used within Stanford, but your local IT group may provide other options. CrashPlan encrypts your backups for secure storage and also provides the option of setting a secondary password to ensure that only you can restore the files.

  • You are responsible for managing the recovery key if you encrypt your computer without using SWDE. If you lose or forget your recovery key, your encrypted data will be irretrievable. Be sure to make an offline copy of the key (or write it down) and store it securely, ensuring that it is kept separate from the computer.

Note:

  • Before starting the encryption, make sure your computer is connected to AC power.
  • Depending on the size and speed of your hard drive and how many files are stored there, encryption can take from 45 minutes to two days. You may want to start the encryption at the end of the day and let it run over night. You can use your computer during the encryption process, but certain activities may be noticeably slower.

Mac native encryption (FileVault 2)

Requirements: Mac OS X 10.7 and above

Instructions: See OS X: About FileVault 2 from Apple.

Windows native encryption (BitLocker)

Requirements:

  • Supported operating systems:
    • Windows 8 — Professional or Enterprise edition
    • Windows 7 — Enterprise or Ultimate edition
  • For Windows 7, the Trusted Platform Module (TPM) version 1.2 or higher must be installed. It must also be enabled and activated (or turned on).

Instructions: See Enable BitLocker.

Last modified June 13, 2017