The only approved and supported method for university computers "at rest" is whole disk encryption used for personal desktop and laptop computers. Servers which have not been approved by the IT Security Office as having sufficient mitigating controls in place should also use encryption.
Whole disk encryption:
- Protects the entire contents of the hard drive
- Protects the data from theft when the system is turned off (loss or theft of the computer won’t expose data on an encrypted hard drive)
- May not protect the data when the system is turned on
The university has an enterprise encryption solution for Windows-based systems. Approval to store sensitive data will trigger a request to have the Windows system encrypted.