PGP Encryption Project

All portable computing devices and media used by an HSC workforce member who has access to UF HSC or Shands Restricted information must be configured to encrypt all locations where Restricted data is likely to be stored. For laptops and tablet PCs, whole disk encryption must be deployed.

The Policy

Encryption is not optional. Please review the HSC Policy TS0010 for complete details.

Forms:

Authorization to Remove Restricted Info
Mobile Device Security Responsibility

The Authorization to Remove Restricted Info form must be completed by all laptop users.

If you are using a handheld device, PDA or smartphone, we request that you complete the Mobile Device Security Responsibility form and return it to Computer Services.

Scheduling

Computer Services is scheduling with each laptop user to have their system encrypted. Please allow at least one business day.

If you have a department-managed laptop and have not yet scheduled to have it encrypted, please contact the helpdesk as soon as possible.

Email: helpdesk@surgery.ufl.edu
Phone: 352.273.5495

We are subject to a deadline of completing this project by November 1, 2007.

We prefer to pick up your laptop near the end of a business day. This lets us start some of the processes and allow them to run overnight, so the laptop can be returned mid to late the following day.

The Process

The process, while not labor intensive, is time intensive. We will need to have your laptop for up to 24 hours.

Our process consists of three steps.

1. Backing up data

There is a possibility that the encryption process may corrupt the disk, making the data on it unusable.

2. Surface scan of the hard disk

The surface scan will identify and flag any bad sectors on the hard disk. This is a precaution against the encryption process failing should it attempt to write data to a bad sector.

3. Encryption of the hard disk using PGP Encryption.

"PGP" is the software vendor we are using. The process of encrypting the hard disk uses a passphrase to create a hash, which is used in the encryption algorithm.

Effects on Workflow

After your laptop has been encrypted, the obvious evidence is the initial prompt. Prior to the POST (power-on self-test) as your laptop starts, PGP will present a grey "Passphrase" banner.

This will serve as a single sign-on to both open the machine and log in to Windows.

The passphrase is synchronized with your Windows authentication information.

Any public or loaner machines will use a passphrase that is unique to the machine and is not synchronized with any particular Windows account.

There is no performance overhead to using an encrypted laptop. Once you are logged on to the machine, the fact that it is encrypted is transparent.

Personal Laptops

If you are using a personal laptop to connect to UF, HSC or Dept. of Surgery network resources, it will also require encryption.

You may do this on your own with another product, with Windows Encryption or something similar. You may also arrange with Computer Services and your division for the purchase of a license for PGP. We will be glad to assist you.

If you have any questions or concerns, please do not hesitate to contact your Computer Services division.
