Encrypt All the Drives!


UCOP recently issued an updated Information Security Policy (commonly known as IS-3) in conjunction with their minimum security standards to require encryption on laptops and mobile devices. By July 2019, all UC campuses must have a deployment plan to implement disk encryption “over the ensuing 12 months.” Encryption has already been required on Protection Level 3 (PL3) data or higher. One does not simply encrypt all the devices though, because it’s difficult! Come find how we have deployed disk encryption for Windows and macOS endpoints as a policy to meet the IS-3 requirement and as an offer in our Self Service portal via BigFix and Jamf Pro. I will be discussing how we use Dell Encryption to centralize the escrow and recovery of BitLocker and FileVault 2 encryption keys. Our process can be replicated to your campus for those that still may need a deployment plan, even if you do not use all of the mentioned systems.

Previous Knowledge

It may help to know about data encryption, but it is not required. No previous knowledge or skills are required for this session. While I may mention some technical terms and the listed systems in the description, the majority of the material will be on the deployment strategy we use at our campus to deploy disk encryption as a requirement on Windows and macOS endpoints and in our Self Service portal.

Software Installation Expectation

My presentation can be in Google Slides or PowerPoint format. I may have some demo videos, so a video player that can play modern video file formats would be great. I can also bring my own laptop with a number of adapters if that is allowed.

Session skill level
Session Track
Innovating IT Solutions