Duke Enterprise Whole Disk Encryption Solutions:
- Windows computers should use Windows BitLocker Drive Encryption.
- Apple OS X computers should use Apple's FileVault 2.
- Linux computers should use an equivalent encryption solution.
See the following resources for managing whole disk encryption:
For computers managed by Duke IT staff:
Duke IT staff should take additional steps beforehand in order to ensure that the recovery key is recorded in a central location (i.e. "key escrow").
- To escrow Windows BitLocker recovery information in Active Directory, see the How to Store BitLocker Recovery Information in Active Directory Duke KnowledgeBase article
- To escrow Apple OS X FileVault 2 recovery information, enroll the computer in the Duke University Jamf instance and then refer to one of the Jamf guides on Administering FileVault.
Note: Computers in Duke Health are subject to different policies regarding encryption; see the Duke Health encryption standard and explanatory video for details.