Johns Hopkins policy encourages (and for JHM requires) Whole Disk Encryption (WDE) on laptop computers that may store sensitive or restricted information. Whole disk encryption means that the entire drive is encrypted, not just a few files or folders. Users should work with their local administrators to backup and encrypt laptops.
Windows 7 users should use use Microsoft Bitlocker. Bitlocker is supported by an enterprise deployment of Microsoft Bitlocker Administration and Monitoring (MBAM), which provides centralized management and reporting for Bitlocker encryption keys. Information about MBAM is available on the MBAM SharePoint site. Please contact firstname.lastname@example.org if you have additional questions.
Checkpoint is currently being used primarily for Windows XP deployments, but the Johns Hopkins license does not support Windows 7. When enterprise support for Windows XP ends, the Checkpoint license will not be renewed.
Macbook users can deploy whole disk encryption through FileVault 2, a free tool included in OS X Lion and Mountain Lion versions. FileVault 2 is easy to implement and does not require the user to be an expert on Macs. Apple has provided step-by-step instructions for implementing FileVault 2. Versions of OS X older than Lion include FileVault 1, referred to as Legacy FileVault by Apple. FileVault 1 provides encryption of home directories only and not the full hard disk, which is much less secure than WDE.
For more information about laptop encryption, please contact email@example.com.