Overview
As part of our commitment to enhancing desktop security, Binghamton has implemented Drive Encryption on university-owned machines in accordance with Binghamton University's Computer Endpoint Security Standards. ITS began rolling this out in March 2025 and all new university-owned machines are imaged with Drive Encryption.
Drive Encryption FAQ
1. Why is the university implementing Drive Encryption?
Drive Encryption is implemented for several key reasons:
Data Security: To protect sensitive university data (research, administrative, student information under regulations like FERPA, potentially health information under HIPAA) from unauthorized access if a device is lost or stolen.
Compliance: To meet SUNY, regulatory, contractual, and cybersecurity insurance requirements for data protection.
Best Practices: Full-disk encryption is a standard security measure to mitigate data breach risks.
2. What devices are affected?
Drive Encryption is implemented on university-owned computers (desktops and laptops).
3. Are there any exceptions to Drive Encryption?
Policy requires Drive Encryption to remain active on ITS-managed devices storing university data. If you have a specific technical reason why Drive Encryption might interfere with your work, contact the ITS Help Desk to explore potential exceptions or solutions.
4. What is BitLocker?
BitLocker Drive Encryption is a data protection feature integrated into Microsoft Windows. It encrypts the entire hard drive where Windows is installed. This means the data is scrambled and unreadable without the correct authentication (like your university login or a special recovery key). Its main purpose is to protect the university's and your data if a computer is lost or stolen.
University-owned Windows devices managed by ITS are encrypted with BitLocker.
5. What is FileVault?
FileVault Drive Encryption is a data protection feature integrated into Apple macOS. It encrypts the entire hard drive where macOS is installed. This means the data is scrambled and unreadable without the correct authentication (like your university login or a special recovery key). Its main purpose is to protect the university's and your data if a computer is lost or stolen.
University-owned Mac devices managed by ITS are encrypted with FileVault.
6. How will Encryption be enabled on my computer?
The process happens automatically or with minimal user interaction, managed by ITS.
For Windows devices already in use, the initial encryption process can take anywhere from 20 minutes to several hours, depending on the drive size and computer speed. You can usually continue working during this time, though performance might be slightly slower.
Mac devices may require a reboot. A prompt to enable FileVault will appear at login. You will need to log in and enable FileVault before the process will run in the background.
For all new Windows or Mac devices, encryption happens when ITS sets up the machine.
7. Do I need to do anything?
Although often no action is required, we ask that Mac devices be rebooted to ensure the prompt to enable FileVault is initiated.
ITS may contact you to verify encryption or if there is an issue.
8. Will Drive Encryption slow down my computer?
Modern computers with compatible hardware (like a TPM chip and processors with specific encryption instructions) handle encryption with minimal noticeable performance impact for everyday tasks (web browsing, email, document editing).
Older computers or those with traditional Hard Disk Drives (HDDs) instead of Solid State Drives (SSDs) might experience slowdown, especially during disk-intensive tasks (large file transfers, video editing).
9. How does the recovery key work? What if I need it?
When BitLocker is enabled, a unique 48-digit Recovery Key is generated for the drive. This key is a backup method to unlock your drive if the normal unlock process fails (e.g., due to significant hardware changes or system issues).
ITS backs up this recovery key securely in a central system. You do not need to manage this key yourself for your university-owned device.
If you are ever prompted for a BitLocker recovery key on your university computer, contact the university IT Help Desk/Support.
Important: Microsoft cannot recover lost BitLocker keys.
When FileVault is enabled, a unique 24-digit Recovery Key is generated for the drive. The key is a backup method to unlock your drive if the normal unlock process fails (e.g., due to significant hardware changes or system issues).
ITS backs up this recovery key securely in a central system. You do not need to manage this key yourself for your university-owned device.
If you are ever prompted for a FileVault recovery key on your university computer, contact the university IT Help Desk/Support.
10. Can I turn off Drive Encryption?
No, policy requires Drive Encryption to remain active on managed devices storing university data. Attempts to disable it will be reversed automatically by management systems and violate university policy. If you have a specific technical reason why Drive Encryption might interfere with your work, contact the ITS Help Desk to explore potential exceptions or solutions.
11. What about personal devices (BYOD - Bring Your Own Device)?
BitLocker and FileVault are not enforced on personal devices. Encryption is strongly recommended, and it is required if you use your personal device to access or store sensitive university data.
Important: ITS does not manage or store BitLocker and FileVault Recovery Keys for personal devices.
12. Is my data automatically backed up because it's encrypted?
No. Drive encryption protects data confidentiality but it is NOT a backup solution. If your hard drive fails or files get corrupted/deleted, BitLocker and FileVault cannot recover them.
13. Who should I contact if I have problems or questions?
Contact the Binghamton University ITS Help Desk or the dedicated Technical Support staff in your area for any questions or issues related to Drive Encryption on your university computer.
14. How can I verify that my drive is encrypted?
On a Windows device, open File Explorer and look for a padlock icon next to the drive letter (usually C:). If the padlock is present, BitLocker is enabled.
On a Mac device, go to System Settings > Privacy & Security > FileVault to check if FileVault is turned on.
If you're unsure, contact ITS for assistance.
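A command-line version of the check in item 14, added here as an example and not taken from ITS: it parses the output of the built-in manage-bde -status (Windows) and fdesetup status (macOS) tools, and it also flags a BitLocker volume that is fully encrypted but has protection suspended. The sample output is constructed, English-language tool output is assumed, and both tools may require administrator rights.

```python
import platform
import re
import subprocess

# Constructed sample of English `manage-bde -status C:` output (not from a real
# machine): the volume is fully encrypted, but protection is suspended.
SAMPLE_BDE_SUSPENDED = """\
Volume C: [Windows]
[OS Volume]

    Size:                 475.69 GB
    Conversion Status:    Fully Encrypted
    Percentage Encrypted: 100.0%
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection Off
    Lock Status:          Unlocked
    Key Protectors:
        TPM
        Numerical Password
"""

def parse_manage_bde(text):
    """Return (encrypted, protected) from `manage-bde -status` output."""
    fields = {
        key.strip(): value.strip()
        for key, value in re.findall(r"^[ \t]*([^:\n]+):[ \t]+(\S.*)$", text, re.M)
    }
    encrypted = fields.get("Conversion Status") == "Fully Encrypted"
    # Suspended protection keeps the data encrypted but stores the key in the clear.
    protected = encrypted and fields.get("Protection Status") == "Protection On"
    return encrypted, protected

def parse_fdesetup(text):
    """Return True when the first line of `fdesetup status` says FileVault is on."""
    lines = text.strip().splitlines()
    return bool(lines) and lines[0].strip() == "FileVault is On."

def drive_is_protected():
    """Run the platform's own status tool; may need administrator rights."""
    system = platform.system()
    if system == "Windows":
        cmd, parse = ["manage-bde", "-status", "C:"], lambda out: parse_manage_bde(out)[1]
    elif system == "Darwin":
        cmd, parse = ["fdesetup", "status"], parse_fdesetup
    else:
        raise NotImplementedError(f"no check implemented for {system}")
    return parse(subprocess.run(cmd, capture_output=True, text=True).stdout)

if __name__ == "__main__":
    print("constructed suspended sample:", parse_manage_bde(SAMPLE_BDE_SUSPENDED))
```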
15. What happens if my computer is lost or stolen?
If your computer is encrypted with BitLocker or FileVault, the data is protected and unreadable without the proper login or recovery key.
You should report the loss immediately to University Police.
16. Can encryption cause problems with software or hardware upgrades?
Sometimes. Hardware failures or major changes like replacing the motherboard or updating BIOS/firmware can trigger a recovery key prompt.
If you would like assistance, please feel free to contact the Binghamton University ITS Help Desk at 607-777-6420 or submit a request, and we'll be happy to help.