Encryption Recommendations

CUMC Home | Columbia University | Jobs at CUMC | Contact CUMC | Find People

For support: call extension 5-Help (212-305-4357) or email us

Encryption

Encryption Recommendations

The recommendations on this page are provided as a courtesy only, anyone requiring further assistance with the installation, use and troubleshooting of any software and hardware at CUMC should refer to the Computer Support page.
Full information on Encryption requirements at CUMC can be found within the IT Policies, Procedures and Guidelines area of our website.

Before Using Any Encryption Program
The purpose of any encryption software is to make data unreadable if proper authentication is not provided. Issues including permanent loss of data can occur if you do not adequately prepare your computer and data before installing or beginning to use encryption.

Verify that the software is compatible with your computer and existing software.
Review the program's installation and help documents to understand how you will be using it.
Backup your existing data and files and follow any CUMC requirements for storage and encryption of backups. For most faculty and staff, CUMC IT managed network drives are the easiest way to do this.

It is also important that you do not forget or lose any password you set in an encryption program. Doing so may mean that you can no longer access the files; many programs do not provide a backup method to decrypt data without the password.

Disk Encryption and Pre-Boot Authentication
Not all programs listed below can provide pre-boot authentication; it is indicated where available.

Symantec Endpoint Encryption

CUMC IT is able to offer Symantec Endpoint Encryption (SEE - formerly called GuardianEdge or GE) for compatible Windows computers.
Note that SEE is not the same as Symantec Endpoint Protection (SEP), the antivirus program used by many Columbia faculty, staff and students; SEP does not offer encryption.
Use: Full disk and file and folder encryption.
Pre-boot authentication is currently only enabled on Dell Leased laptops and compatible CUMC IT imaged laptops that were received on or after June 1st, please see Encryption at CUMC for details.
Cost: Columbia University has limited licensed copy.
Encryption: AES 128 bit/256 bit
Password authentication: Yes
Usage: for the CUMC IT download form please click here.

In the event the encrypted password is forgotten, Symantec Endpoint Encryption provides a self-service mechanism to retrieve the lost password. This feature is only available in SEE, whereas in the free products mentioned below if the password is lost, it can never be retrieved, and the encrypted information is inaccessible even to the legitimate users.

FileVault 2

Website: http://support.apple.com/kb/HT4790
Use: Full disk encryption with pre-boot authentication on OS 10.7 (Lion) and higher. Encryption of external USB or FireWire drives and CDs or DVDs can be done using Mac OS X's Disk Utility.
Pre-boot authentication is only available in FileVault 2. This is native to OS 10.7 (Lion) and higher, but is not available in earlier OS versions that use FileVault rather than FileVault 2.
Cost: Included with the OS.
Encryption: AES
Password: Key derived from user’s login password.
Usage: Please see Apple's website or the Mac Help files on your computer.

BitLocker

Website: http://windows.microsoft.com/en-US/windows7/products/features/bitlocker
Use: BitLocker is available on Windows 7 computers for hard drive and USB drive encryption. Some versions of BitLocker are not compatible with Windows Home Edition etc., please review all program information for compatibility.
Pre-boot authentication can only be used on compatible Windows 7 versions manufactured with TPM version 1.2 or higher.
Cost: Included in as part of the Windows OS.
Encryption: 3DES, AES-256 (default) , RSA Certificates, ECC
Password: Yes
Usage: Please see website documentation or the help files on your Windows computer.

Truecrypt

Website: http://www.truecrypt.org/
Use: Disk encryption software for Windows 7/Vista/XP, Mac OS X, Linux; allows for USB drive encryption as well.
Pre-boot authentication is available for some versions of Windows, see the vendor's website for full details.
Cost: Free/Open Source
Encryption: AES-256, Serpent, Twofish
Password: Yes, required to decrypt partitions/volumes
Usage: Please see website documentation

Individual File and Folder Encryption

Secure Email Gateway

Website: http://www.cumc.columbia.edu/it/howto/encrypt/secure-email.html
Use: Email encryption from CUMC IT Exchange accounts to outside email addresses
Cost: Free with a CUMC IT Exchange account
Password: the Receiver must choose a strong password on the CUMC Encrypted Email site to view encrypted messages and attachments.

WinZip

Website: http://www.winzip.com
Use: File and Folder Compression software
Cost: Free for Columbia faculty and staff via http://www.columbia.edu/acis/software/winzip/, otherwise please see the WinZip website.
Encryption: Standard Zip 2.0 and AES-128 & 256 bit
Do not rely on Zip 2.0 encryption to provide strong data security
WinZip's implementation of the AES algorithm has been FIPS-197 certified by NIST.
Password: Yes, files can be password protected.
Usage: See the WinZip website or information on the CUIT website.

Office

Website: http://office.microsoft.com
Use: Encryption of individual files (Word documents, Excel spreadsheets, etc.)
Cost: Included with Office
Encryption: AES-128/256 encryption
Password: Yes, files can be password protected
Usage: Open or create the file you would like to encrypt. Find the password protection options (Office 2010 for Windows look in File - Info; Office 2011 for Mac open Tools - Protection; otherwise use the program's Help menu) and follow the prompts to set a password.

| TOP |

Last updated 5/02/2013

Home

Faculty and Staff

Students

Policies

About CUMC IT

CUMC Home | At Columbia University | Affiliated with New York-Presbyterian Hospital | Comments | Text-Only Version