Tools to Support Endpoint Encryption Initiative

The endpoint encryption initiative has steadily progressed over the past year, with the goal of ensuring that all employee devices used for Stanford activities on the campus network are verifiably encrypted by May 31, 2015.  

Several tools have been developed by University IT to assist IT staff and end users in this effort:​

• Device Registry Reports: This new utility merges several data sources to provide a consolidated view of all devices associated with your department along with the compliance status of each.  This is the primary tool for CRC or your local IT support so they may track your organization’s encryption effort, including helping you identify machines that are not managed.  To gain access to this utility, please contact your department's IT manager or submit a HelpSU ticket under "Administrative Applications" --> "Reporting-OBIEE."  For more information about these reports, please visit https://itservices.stanford.edu/service/deviceregistry/.

• My Devices: Set for release in early April, My Devices will enable individual users to directly see what devices have been associated with them on the Stanford network, along with the compliance status of each.  For those devices that are out of compliance, remediation instructions will be provided.  You can find sample screenshots at https://itservices.stanford.edu/service/mydevices/details.  

• Stanford Whole Disk Encryption:  SWDE (pronounced “suede”) is the recommended encryption tool for desktops and laptops at Stanford.  SWDE includes BigFix for configuration management, and it is required for all computers that handle Prohibited or Restricted data.  For those machines already managed by BigFix, the SWDE installer can be pushed out via BigFix to gain scalability in your encryption effort.  For assistance with this, please contact Philip de Louraille (yzarn@stanford.edu).

• VLRE: Computers that handle Prohibited or Restricted data must use Stanford Whole Disk Encryption (SWDE).  For computers that do not handle Prohibited or Restricted data, SWDE is recommended, but a read-only application called "VLRE" (pronounced “velour”) will soon be available.  VLRE periodically reports on the computer's encryption and screensaver password status, leaving maintenance of the computer entirely to the user.  Development of VLRE is nearing completion, and it will be available for download later this month.