Educause Security Discussion mailing list archives
Re: A "default stance" question for my esteemed Educause colleagues....
From: Minh Nguyen <mtnguyen () UCDAVIS EDU>
Date: Wed, 11 Apr 2018 17:26:00 +0000
Michael - My office is a Windows 7/10 environment. We have all laptops and desktops encrypted with Bitlocker. For those machines that are AD joined, the recovery key is automatically stored in Active Directory. For the most part, Bitlocker has worked very well for us. However, there have been a few occasions where Bitlocker locked up the machine for trivial things (like changing the connection for the monitor). In those cases, we just pull the recovery key from AD and enter it in. We may occasionally un-Bitlocker a computer and re-Bitlocker it. Minh =========================================== Minh T. Nguyen, MBA, CISSP Graduate Studies - Director of Information Technology University of California, Davis Voice: (530) 454-7647 E-Mail: mtnguyen () ucdavis edu<mailto:mtnguyen () ucdavis edu> =========================================== From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Michael Schalip Sent: Wednesday, April 11, 2018 9:27 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] A "default stance" question for my esteemed Educause colleagues.... Hi Folks, Looking for some wisdom from the masses.... We currently use full disk encryption on (in theory) all laptops. However - there is a proposal on the table to establish a requirement to encrypt the hard drives on all *desktop* computers as well. I've been down this path before (in a couple of previous work environments), so I'm keenly aware of the pros/cons of adopting this kind of default stance. However - we're wondering what the rest of the academic world is doing.... In short - operating under the assumption that encrypting most (if not all) laptops is a good idea - what do the rest of you do when it comes to encrypting your desktop computers? Do you: * Encrypt any of them? * Encrypt ALL of them? * Encrypt only faculty/staff computers? * Encrypt only certain ones?.....which ones? What's the criteria? * Make encryption an option left up to the department or user? Looking forward to the collective responses.... Thanks, Michael
Current thread:
- A "default stance" question for my esteemed Educause colleagues.... Michael Schalip (Apr 11)
- Re: A "default stance" question for my esteemed Educause colleagues.... Davis, Chris (Apr 11)
- Re: A "default stance" question for my esteemed Educause colleagues.... David D Grisham (Apr 11)
- Re: A "default stance" question for my esteemed Educause colleagues.... Minh Nguyen (Apr 11)
- Re: A "default stance" question for my esteemed Educause colleagues.... Gregg, Christopher S. (Apr 11)
- <Possible follow-ups>
- Re: A "default stance" question for my esteemed Educause colleagues.... Joel Garmon (Apr 12)