Encrypting external storage devices:

In this part of the Data Encryption Project, we're making sure external storage devices are adequately protected.

What are external storage devices?

They're commonly available backup & storage devices, available via purchase on the Internet or from office supply stores, electronics stores, the U of U campus  store, etc

- Apple Timecapsule is an Apple offered product to back up your Mac to an external storage device.

- other products that are commonly used include Western Digital My Passport, or Seagate Backup Pro, etc.

What scenarios require encrypting these types of devices:

- using an external storage device to backup a laptop used for HCI / UUIHSC work.  (In other words, it does no good to have an encypted laptop, if the backup is not also encrypted.).

- using an external storage device to store data related to HCI / UU HSC work for transfer between systems, located  at HCI.

- any external storage device used to store HCI / UUHSC work offsite, even as a termporary "waystations" as a part of a larger process.

 

What's the preferred method for encrypting external storage devices?

If you're using the external storage to back up a laptop, the best option is to use the built-in encryption that came with the Lion & Mountain Lion versions of Mac OSX, or Windows 7 Enterprise, or Ultimate, or WIndows 8 Professional.

- For Macs, use the FileVault2 technology that comes in Lion & Mountain Lion OSX versions.  Here's a great link on how to encrypt external storage devices on a Mac with FileVault:  http://www.macworld.com/article/1161415/lion_encrypt_external_drive.html

- For PCs running Win 7 Enterprise /Ultimate, or for Windows 8 Professional, the technology of choice is "Bitlocker", and here are some instructions on encrypting an external device using Bitlocker:    http://help.morainepark.edu/Default.aspx?Page=BitLocker-to-Go-Instructions-for-Windows-7&NS=Staff%20Portal%20Help&AspxAutoDetectCookieSupport=1

In scenarios where data transfer is involved between both Mac & Windows systems, TrueCrypt may be a good option .  NOTE: you don't have to have TrueCrypt running on the systems that will write or read to the encrypted external storage devies.

CATG's oblication in this part of the project is to collect device names and serial nubmers, and make sure the systems are encrypted, note the information on a spreadsheet and provide that information to the UIT groups doing the project management for this phase of the data encryption project.