New policies mean encrypting new and current notebook computers

Texans, via our duly elected representatives, have told us we must meet certain state requirements that promote alignment with national standards (such as FISMA and NIST 800-53).  Our citizens, donors, grantors, students, and perhaps you expect us to protect information:

  • Confidentiality (prevent inappropriate disclosure; e.g., UNT General Counsel expects you to treat student "emplid" values, like those on class rolls, as confidential/sensitive)
  • Integrity (prevent corruption, prepare for disasters, etc.)
  • Availability (ensure people can, as appropriate, access information they need)

To that end, over the past year, the UNT System and constituent institutions collaborated on an entirely new set of IT policies.  Pending final legal review, the System Administration expects all constituent institutions to adopt those policies, replacing most, if not all, of the institution-specific IT policies.

While doing the major policy update, the authors put in a few mandated items, including this one:  We must encrypt all university notebook computers.  For us to meet that requirement, please:

  • Expect CAS IT to encrypt newly-acquired, university-purchased laptops CAS IT will maintain
  • Expect CAS IT to convert/encrypt extant, university-owned laptops CAS IT maintains:
    • Before: You should do and test local, original work file back-ups
    • During: Expect an email within a week or two, customized for your laptop type, with more information
    • After: Upon boot, enter a password or PIN and use the laptop as normal
  • Set up encryption on university laptops you (not CAS IT) maintain

Properly-implemented encryption dramatically reduces the risk of confidential and/or sensitive information exposure due to computer theft. Perhaps useful for you to consider since most people increasingly use fixed and mobile devices for finances, health care, intellectual property development, and more.  Encryption also aligns with consumer desire for better privacy.

Some drawbacks you may not like: 

  • Entering a decryption password (or PIN) when starting the system
  • Waiting a tad longer for the computer to decrypt/encrypt data when you open/close a file
  • Losing access to information when you forget a password (or PIN)
  • Protecting back-ups (if you back-up encrypted data, can you decrypt them when you need them?)

Doing this on notebook computers likely represents a first step for UNT.  As more employees use personal devices to do work-related business, Texas and/or UNT may hold them more accountable for protecting data (e.g., with encryption), even on personal devices (you may want to do that, even if just for your personal privacy and theft protection).  This is our opportunity, on a smaller scale (UNT notebooks represent a smaller part of our overall computer deployment), to figure out the quirks and find the best solutions together.

Realizing this solution seems to work well for our colleagues using it at UT System and TAMU, we hope data encryption provides more benefit than drawbacks for you and our constituents.