Default Security Controls: Disk Encryption

Electric's policy for Disk Encryption.

Updated over a year ago

Introduction

Disk encryption is a security measure used to protect the data on a device’s startup disk by converting information into unreadable code. This security measure helps prevent unauthorized access to local device data and is implemented through a full-disk encryption policy.

Electric’s encryption policy uses full-disk encryption software built into your devices’ Operating System (OS)—FileVault for macOS and BitLocker for Windows 10 Pro or Enterprise—to fully encrypt and protect your disks’ data.

FileVault

FileVault full-disk encryption (FileVault 2) uses XTS-AES-128 encryption with a 256-bit key to protect your Mac devices. Electric implements FileVault’s full-disk encryption through a Jamf Pro policy.

How the Policy Works

  • Electric will activate the Jamf Pro policy to remotely enforce encryption for existing and future Electric-managed Macs.

  • Encryption enforcement will take effect on your end users' computers upon reboot.

  • Once the policy is activated, end users trigger the encryption process by entering a local user password on their computer, which also generates a recovery key.

    • The policy that pushes disk encryption also requires a Firewall status to be specified. The status can be ON or OFF, and it will be enforced on all computers that have encryption turned on. User admin privilege is not required.

  • Once triggered, disk encryption runs in the background while computers are turned on and connected to power. Encryption will pause without error if the computer is unplugged.

  • Results may take up to 1 day before reflecting in the Device Management page in Turbine.
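
Because results can take up to a day to appear in Turbine, a Mac's FileVault state can also be read locally. The script below is an added example, not Electric's or Jamf's own tooling: it classifies the text printed by the macOS `fdesetup status` command. The status phrases it matches are assumptions about typical `fdesetup` wording, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: interpret `fdesetup status` output on a managed Mac.
# Assumption: the status phrases matched below follow typical fdesetup
# wording; adjust the patterns if your macOS release words them differently.

# Print one state word for the status text passed as $1.
classify_filevault() {
    case $1 in
        *"Encryption in progress"*) echo "encrypting" ;;
        *"FileVault is On"*) echo "encrypted" ;;
        *"FileVault is Off"*"Deferred enablement appears to be active"*)
            echo "pending-user-login" ;;
        *"FileVault is Off"*) echo "not-encrypted" ;;
        *) echo "unknown" ;;
    esac
}

# Print the completion percentage if the status text reports one.
percent_done() {
    printf '%s\n' "$1" | sed -n 's/.*Percent completed = \([0-9][0-9]*\).*/\1/p'
}

# Map a state to the follow-up that the policy description implies.
next_step() {
    case $1 in
        encrypted) echo "no action" ;;
        encrypting) echo "keep the Mac powered on and plugged in" ;;
        pending-user-login) echo "reboot, then enter the local user password" ;;
        not-encrypted) echo "encryption is not enabled on this Mac" ;;
        *) echo "inspect the fdesetup output manually" ;;
    esac
}

# Print "state [(NN%)] -> next step" for one status text.
report() {
    state=$(classify_filevault "$1")
    pct=$(percent_done "$1")
    label=$state
    if [ -n "$pct" ]; then label="$state (${pct}%)"; fi
    printf '%s -> %s\n' "$label" "$(next_step "$state")"
}

if command -v fdesetup >/dev/null 2>&1; then
    report "$(fdesetup status 2>&1 || true)"
else
    # Constructed sample outputs, used when not running on macOS.
    report "FileVault is On."
    report "FileVault is Off.
Deferred enablement appears to be active for user 'alex'."
    report "Encryption in progress: Percent completed = 45"
fi
```

A `pending-user-login` result corresponds to the stage where the policy is active but the end user has not yet rebooted and entered a local user password.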

BitLocker

BitLocker drive encryption uses XTS-AES 128-bit encryption by default for OS and fixed data drives, and AES-CBC 128-bit by default for removable data drives.

Electric implements BitLocker’s full-disk encryption through a Kaseya policy. Please be advised that BitLocker encryption is only available on Windows 10 Pro or Enterprise OS.

How the Policy Works

  • Electric will activate the Kaseya policy to remotely begin the encryption process.

  • Once the policy is activated, the encryption process will run in the background of your end users’ computers while machines are turned on and connected to power. Encryption will pause without error if unplugged.

  • Encryption enforcement will take effect on all managed computers on the day Electric pushes out the encryption policy. Computers must remain turned on, locked, or in sleep mode during this time.

  • Results may take up to 1 day before reflecting in the Device Management page in Turbine.

Please be advised that changes to BIOS (Basic Input and Output System) on Windows computers may prevent BitLocker’s encryption from running successfully and may result in inaccurate reporting. Electric does not support BIOS configuration at this time.
