Educause Security Discussion mailing list archives

Re: A "default stance" question for my esteemed Educause colleagues....


From: "Gregg, Christopher S." <csgregg () STTHOMAS EDU>
Date: Thu, 12 Apr 2018 03:49:46 +0000

We are working towards encrypting all desktops.  We haven't reached 100% but we're at about 70-80% so far for desktops. 
 Desktops don't tend to go missing very often compared to laptops, but the new small form factors are even smaller than 
a typical laptop.  I expect some will eventually go missing or even be used in unexpected, creative ways that will make 
us glad they were encrypted.

We're trying to be in a place where a lost or stolen computer only puts us out the cost of the hardware.  All user data 
would be encrypted and backed up via CrashPlan, or stored in the cloud.

Thanks,

Chris


Chris Gregg
Associate Vice President of Information Security & Risk Management, CISO
Information Technology Services (ITS)
csgregg () stthomas edu<mailto:csgregg () stthomas edu>
p 1 (651) 962-6265
University of St. Thomas | stthomas.edu<https://www.stthomas.edu>




From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Michael Schalip
Sent: Wednesday, April 11, 2018 11:27 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] A "default stance" question for my esteemed Educause colleagues....

Hi Folks,

Looking for some wisdom from the masses....

We currently use full disk encryption on (in theory) all laptops.  However - there is a proposal on the table to 
establish a requirement to encrypt the hard drives on all *desktop* computers as well.  I've been down this path before 
(in a couple of previous work environments), so I'm keenly aware of the pros/cons of adopting this kind of default 
stance.  However - we're wondering what the rest of the academic world is doing....

In short - operating under the assumption that encrypting most (if not all) laptops is a good idea - what do the rest 
of you do when it comes to encrypting your desktop computers?  Do you:

*         Encrypt any of them?

*         Encrypt ALL of them?

*         Encrypt only faculty/staff computers?

*         Encrypt only certain ones?.....which ones?  What's the criteria?

*         Make encryption an option left up to the department or user?

Looking forward to the collective responses....

Thanks,

Michael


Current thread: