Encryption

Know Your DataAs an end-user within the Harvard Graduate School of Education (HGSE) and broader Harvard University community, encryption is a tool that is required by the Harvard Enterprise Security Policy (HESP) and Research Data Security Policy (RDSP) for certain mobile devices (laptops, cellphones, tablets, USB storage devices, external hard drives, etc.).

What Should Be Encrypted?

IT Service Center Support for Encryption

HGSE-Owned or Managed Systems or Devices

Purchase & Configuration

HGSE-owned or managed systems and devices are encrypted by default where technically feasible using BitLocker (Windows) or FileVault (Mac OS X) by the IT Service Center. The IT Service Center is also able to assist with the purchase of encrypted USBs and external hard drives if provided the appropriate departmental/POC billing code.

Ongoing Support

Ongoing support and assistance (e.g., upgrades, account lockouts, data recovery, etc.) for encryption tools and devices may be provided when the system or device is HGSE-owned or managed via the IT Service Center.

Personal Systems or Devices

Purchase & Configuration

Regretfully, the IT Service Center is unable to provide encryption tools for personal mobile devices (laptops, cellphones, tablets) or provide encrypted mobile devices (USBs, external hard drives) free of charge to HGSE community members. IT Service Center staff members are, however, able to assist end-users with enabling/configuring encryption tools on their personal hardware.

Ongoing Support

Due to technical limitations as well as liability issues accompanying encryption tools and personal hardware, the IT Service Center is unable to provide any ongoing support or assistance (e.g., upgrades, account lockouts, data recovery, etc.) to HGSE community members for personal hardware.

Recommended Encryption Tools

Encryption tools are available for both Windows and Macintosh operating systems, as well as for the majority of commercial mobile devices. HGSE community members or affiliates that require an encryption solution for their personal hardware should consider utilizing or purchasing the following encryption tools.

Please note that native hardware (full disk) encryption products (i.e., BitLocker (Windows) and FileVault (Macs)) are known to be the most reliable versus third-party software encryption products, but some user devices and/or operating systems either don't come pre-pacakged with hardware encryption capabilities, or are unable to support it. Similarly, due to Apple policy, Mac computers with T2 chips (since mid-2018) prevents third-party boot modules from loading, so third-party encryption (versus the native FileVault) will not operate:

Laptop/Desktop Computers

USBs & External Hard Drives

iOS/Android Devices