CUMC Home | Columbia University | Jobs at CUMC | Contact CUMC | Find People
     
Columbia University Medical Center logo,  Columbia University Medical Center Information Technology
For support: call extension 5-Help (212-305-4357) or email us
 
 
Encryption
 

Using Encryption

Full information on Encryption requirements at CUMC can be found within the IT Policies, Procedures and Guidelines area of our website. The information and instructions here are for general use, anyone connecting to University and Medical Center resources must know and adhere to any applicable policies and requirements.

What is Encryption?
Encryption is the conversion of data into a format that is not readable or understandable without proper credentials. It provides extra security in cases where electronic information has been accidentally or purposely and maliciously disclosed. Most encryption software uses a strong password for credentials to authorize that data can be decrypted, or made readable again.

In general, encryption can be set up in the following ways:
  • Individual file and folder encryption - this encrypts only the data or locations that you specify, whether on a computer or removable media such as a USB key, DVD, external hard drive, SD card, etc. Some of these programs can also be used to send encrypted email attachments.
  • Full disk encryption - installed on a computer, external hard drive, or USB key, full disk automatically encrypts all data stored on the drive or "disk".
  • Pre-boot authentication - this adds a layer of security to a computer as it starts up, before the operating system loads. Please see information below regarding pre-boot authentication requirements at CUMC.

For more details on these methods see How Does Encryption Work?.

Once an encryption program is set up, it typically operates transparently. Files are automatically encrypted and decrypted when the proper credentials provided. You may see a splash screen with the name of the encryption software and its activity when saving files, moving them or shutting down your computer.

IMPORTANT! Before Using Any Encryption Program
The purpose of any encryption software is to make data unreadable if proper authentication is not provided. Issues including permanent loss of data can occur if you do not adequately prepare your computer and data before installing or beginning to use encryption.
  1. Verify that the software is compatible with your computer's hardware and existing software.
  2. Review the program's installation and help documents to understand how you will be using it.
  3. Backup your existing data and files and follow any CUMC requirements for storage and encryption of backups. For most faculty and staff, CUMC IT managed network drives are the easiest way to do this.
It is also important that you do not forget or lose any password you set in an encryption program. Doing so may mean that you can no longer access the files; many programs do not provide a backup method to decrypt data without the password.

Encryption and Pre-boot Authentication at CUMC

As per CUMC Encryption requirements, computers (including personally owned) that store or access sensitive data must use encryption that supports pre-boot authentication.

Pre-boot authentication can be implemented via the following:

Windows

Macintosh
FileVault 2 offers full disk encryption with pre-boot authentication. Click here for more information and instructions on configuring it for a CUMC computer.

Other Devices
Please see Encryption Recommendations.

| TOP |

Last updated 10/29/2014