Technology for Research: Encryption


Encryption technology is more widely used than ever before; even iPhones are now regularly encrypted (as you may have seen in the news).

Encryption is an important tool in helping to keep sensitive data secure. There are several different ways to encrypt your data, and which one you choose depends on a variety of factors such as your operating system and the use case that you are concerned about.

There are 2 primary modalities for encryption: data can be encrypted while “in transit”, and it can be encrypted while “at rest”. Encryption in transit does not guarantee encryption at rest, or vice versa. They are entirely different processes.

Encryption in transit

When data is encrypted in transit, it is protected from snoopers while it traverses the Internet (or any other network, such as an internal network). Examples include using ssh from a command line, or using TLS with your web browser (https://) to access a secure resource, such as a Canvas website or your bank account.

Encryption at rest

Researchers who have sensitive data to protect may want to encrypt it while it is at rest on their hard drive or on a shared drive. Which kind of encryption you choose depends at least in part on what you are trying to protect the data from.

If your data is stored on a laptop, the most prevalent risk for data loss is that the laptop might be lost or stolen. In this case it’s probably best to encrypt your entire hard drive, which will make the computer completely useless to anyone who doesn’t know the encryption key.

Your Data

If your data is stored on a desktop computer, the risk of data loss from the computer being lost or stolen is much lower. But you may want to encrypt a certain folder or a volume full of sensitive data, to protect against the risk that your computer might be compromised and the data accessed by an intruder. If your computer is compromised while you are not using the sensitive data, the intruder will not be able to access the encrypted data.

If you use a Mac, then you can use the built-in encryption software, FileVault.

If your primary machine is Windows, then you can use BitLocker.

It’s always a good idea to ask your LSP for assistance whenever you want to set up an encrypted drive or folder.