Encrypt data and devices

Purpose

Encryption encodes information in such a way that unauthorized parties should be unable to read it. This helps to prevent compromises to the confidentiality and integrity of your data and is part of a robust, multi-layered security approach. Whether it is a compromised desktop or a lost mobile or storage device, encryption ensures that your data remains accessible only to you and your team.


Audience

Faculty, researchers, admin staff, IT staff, students



Initial considerations

Not all encryption algorithms are the same. 128-bit AES (or equivalent) is the absolute minimum you should consider. 256-bit AES or greater is preferred.

Determine your data's classification.

Consult with your local IT group.


What can I do?

Enable or install full-disk encryption packages.

Windows (institutionally managed)

Windows (self-managed)

macOS (self-managed)

Linux (self-managed)

Android (self-managed)

iOS (self-managed)

Cross-platform

Encrypt at the file or folder level.

ZIP files can be transferred across platforms.

Windows

macOS

Linux

Cross-platform

Use a self-encrypting device (SED).

Servers

  • Where possible, order SED storage drives and motherboards that support a Trusted Platform Module (TPM).

Storage



Additional help

General

https://handbook.security.utoronto.ca/wiki/spaces/ISH/pages/4948958/Contact+us#Information-Security-(IS)

Contact us | Information Technology (IT)

Researchers

https://security.utoronto.ca/services/research-information-security-program/

