Encryption is a tool that is required by the Harvard Enterprise Security Policy (HESP) and Research Data Security Policy (HRDSP) for certain mobile devices (laptops, cellphones, tablets, USB storage devices, external hard drives, etc.).
What Should Be Encrypted?
- Any HGSE-owned or managed laptops, desktops, and mobile devices (i.e., purchased with School funds or grants);
- Any laptops, desktops, or mobile devices used to store or access Harvard information (including Harvard email), regardless of who purchased the device (see Harvard's Personal Device Security Guides and Harvard's Device Configuration Checklists for step-by-step instructions).
IT Service Center Support for Encryption
HGSE-Owned or Managed Systems or Devices
Purchase & Configuration
HGSE-owned or managed systems and devices are encrypted by default where technically feasible using BitLocker (Windows) or FileVault (Mac OS X) by the IT Service Center. The IT Service Center is also able to assist with the purchase of encrypted USBs and external hard drives if provided the appropriate departmental/POC billing code.
Ongoing Support
Ongoing support and assistance (e.g., upgrades, account lockouts, data recovery, etc.) for encryption tools and devices may be provided when the system or device is HGSE-owned or managed via the IT Service Center.
Personal Systems or Devices
Purchase & Configuration
Regretfully, the IT Service Center is unable to provide encryption tools for personal mobile devices (laptops, cellphones, tablets) or provide encrypted mobile devices (USBs, external hard drives) free of charge to HGSE community members. IT Service Center staff members are, however, able to assist end-users with enabling/configuring encryption tools on their personal hardware.
Ongoing Support
Due to technical limitations as well as liability issues accompanying encryption tools and personal hardware, the IT Service Center is unable to provide any ongoing support or assistance (e.g., upgrades, account lockouts, data recovery, etc.) to HGSE community members for personal hardware.
Recommended Encryption Tools
Encryption tools are available for both Windows and Macintosh operating systems, as well as for the majority of commercial mobile devices. HGSE community members or affiliates that require an encryption solution for their personal hardware should consider utilizing or purchasing the following encryption tools.
Please note that native hardware (full disk) encryption products (i.e., BitLocker (Windows) and FileVault (Macs)) are known to be the most reliable compared with third-party software encryption products, but some user devices and/or operating systems either don't come pre-packaged with hardware encryption capabilities or are unable to support them. Similarly, due to Apple policy, Mac computers with T2 chips (since mid-2018) prevent third-party boot modules from loading, so third-party encryption (versus the native FileVault) will not operate:
Laptop/Desktop Computers
- Native Hardware Encryption
  - BitLocker (Windows 11, 10 (Pro and Enterprise editions), 7 (Ultimate and Enterprise editions))
  - FileVault/FileVault 2 (Mac OS X and later)
- Third-Party Encryption Tools
  - Symantec Endpoint Encryption (Windows 11, 10, 7 (Home))
  - Sophos SafeGuard (Windows, Mac OS X)
  - Jetico BestCrypt Volume Encryption (Windows, Mac OS X 10.9 and later)
  - VeraCrypt (Windows, Mac OS X and Linux)
USBs & External Hard Drives