CUMC Home | Columbia University | Jobs at CUMC | Contact CUMC | Find People
     
Columbia University Medical Center logo,  Columbia University Medical Center Information Technology
For support: call extension 5-Help (212-305-4357) or email us
 
 
 Encryption
 

Encryption Recommendations

The recommendations on this page are provided as a courtesy only, anyone requiring further assistance with the installation, use and troubleshooting of any software and hardware at CUMC should refer to the Computer Support page.
Full information on Encryption requirements at CUMC can be found within the IT Policies, Procedures and Guidelines area of our website.

Before Using Any Encryption Program
The purpose of any encryption software is to make data unreadable if proper authentication is not provided. Issues including permanent loss of data can occur if you do not adequately prepare your computer and data before installing or beginning to use encryption.
  1. Verify that the software is compatible with your computer and existing software.
  2. Review the program's installation and help documents to understand how you will be using it.
  3. Backup your existing data and files and follow any CUMC requirements for storage and encryption of backups. For most faculty and staff, CUMC IT managed network drives are the easiest way to do this.
It is also important that you do not forget or lose any password you set in an encryption program. Doing so may mean that you can no longer access the files; many programs do not provide a backup method to decrypt data without the password.

Disk Encryption and Pre-Boot Authentication
Not all programs listed below can provide pre-boot authentication; it is indicated where available.

BitLocker
  • Website: http://windows.microsoft.com/en-US/windows7/products/features/bitlocker
  • Use: BitLocker offers hard drive and USB drive encryption on Windows 7 Enterprise or Ultimate editions or Windows 8.1 Professional Enterprise editions. Please review all program information for compatibility in advance.
  • Pre-boot authentication can only be used on compatible Windows systems that are manufactured with TPM version 1.2 or higher.
  • Cost: Included in as part of the Windows OS.
  • Encryption: AES-128 and 256*
  • Password: Yes
  • Usage: Please see website documentation or the help files on your Windows computer.
  • *IMPORTANT: BitLocker may default to AES-128. Please check instructions for the Windows OS you are using to ensure that AES-256 cipher strength is selected as per Encryption Policy requirements. Systems that are already encrypted using AES-128 will have to be decrypted and re-encrypted using AES-256.
Symantec Endpoint Encryption In the event the encrypted password is forgotten, Symantec Endpoint Encryption provides a self-service mechanism to retrieve the lost password. This feature is only available in SEE, whereas in the free products mentioned below if the password is lost, it can never be retrieved, and the encrypted information is inaccessible even to the legitimate users.

FileVault 2

No longer recommended

Truecrypt
IMPORTANT: Truecrypt has posted a message on their website that the tool may not be secure.
http://www.truecrypt.org
Anyone using Truecrypt should migrate to another encryption program as soon as possible; BitLocker for Windows or FileVault 2 for Mac are recommended.

Individual File and Folder Encryption

Secure Email Gateway
WinZip
  • Website: http://www.winzip.com
  • Use: File and Folder Compression software
  • Cost: Free for Columbia faculty and staff via http://cuit.columbia.edu/winzip-pro, otherwise please see the WinZip website.
  • Encryption: Standard Zip 2.0 and AES-128 & 256 bit
    Do not rely on Zip 2.0 encryption to provide strong data security
    WinZip's implementation of the AES algorithm has been FIPS-197 certified by NIST.
  • Password: Yes, files can be password protected.
  • Usage: See the WinZip website or information on the CUIT website.
Office
  • Website: http://office.microsoft.com
  • Use: Encryption of individual files (Word documents, Excel spreadsheets, etc.)
  • Cost: Included with Office
  • Encryption: AES-128/256 encryption
  • Password: Yes, files can be password protected
  • Usage: Open or create the file you would like to encrypt. Find the password protection options (Office 2013 and 2010 for Windows go to the File tab - Info - Protect Document - Encrypt with Password; Office 2011 for Mac open Tools - Protection; otherwise use the program's Help menu) and follow the prompts to set a password.

| TOP |

Last updated 6/04/2014

 
 
bullet Home                bullet Faculty and Staff                bullet Students                bullet Policies                bullet About CUMC IT
CUMC Home | At Columbia University | Affiliated with New York-Presbyterian Hospital | Comments | Text-Only Version