As part of our ongoing data security efforts, data encryption using Sophos Device Encryption (SDE) software is available to all current faculty and staff. SDE should be installed on all BC-owned computers that meet the technical requirements. For most computers, the software will be automatically installed without any action on your part. Computers received as part of BCCR will be deployed with encryption enabled and managed by SDE.
Note: Sophos Device Encryption (SDE) software replaced Dell Data Security (DDS) encryption software.
- All BC-owned computers that meet the technical requirements should be encrypted.
- You should always perform a successful backup of your computer before you start the encryption process.
Technical Requirements
What are the minimum requirements supported?
- Processor: Intel Pentium class or AMD
- RAM: 2 GB
- Hard Drive Space: 2 GB free hard drive space
- TPM Chip 1.2 or Higher
- Sophos Central Agent must be installed
- macOS 14 (Sonoma)
- macOS 13 (Ventura)
- macOS 12 (Monterey)
- Windows 11
- Windows 10
Sophos Device Encryption (SDE) software is not available for Linux at this time.
If you are running Linux on your BC primary laptop or on any computer that contains sensitive data, please contact the Help Center at 617-552-HELP (4357).
Sophos Device Encryption (SDE) software is not available for Chromebook at this time.
FAQ
Encryption is the process of converting data to an unrecognizable or "encrypted" form. It is commonly used to protect sensitive information so that only authorized parties can view it.
Sophos Device Encryption (SDE) is a software based encryption solution for endpoints. It helps protect sensitive data on devices by enabling the built-in Operating System (OS) encryption on the endpoint with defined policies, which can be managed centrally by IT.
SDE uses the built-in Operating System encryption (Bitlocker for Windows and FileVault2 for macOS) and are both Full Disk Encryption.
SDE will centrally manage encryption keys for Bitlocker and FileVault2 (both Full Disk Encryption). ITS will manage the endpoints through a Sophos Management Console, which gives ITS a central repository for all encrypted endpoints.
All BC-owned computers that meet the technical requirements should be encrypted.
No. At this time, there is no SDE software available for Linux. If you are running Linux on your BC primary laptop or on any computer that contains sensitive data, please contact the Help Center at 617-552-HELP (4357).
Yes, ITS recommends you backup your files using CrashPlan Backup. Learn more:
Because SDE leverages the built-in Operating System (OS) encryption, ITS anticipates no impact on performance. Sophos is already installed on all BC-owned computers. When an existing device requires encryption, ITS activates the encryption component of the Sophos Agent, enabling the built-in OS encryption process. Although this process is generally swift, it may take up to a couple of hours depending on hardware specifications and hard drive size. The background encryption sweep consumes minimal resources. Once the encryption is complete, the software immediately encrypts new data as it is created or added to the hard drive, ensuring minimal CPU usage.
No. And, you will follow the same process to logon to your computer and use the computer the same as you normally would. The software will encrypt the data based on the policies applied. Computer performance should not be impacted. If you feel that your computer performance is being affected by encryption, please contact the Help Center at 617-552-HELP (4357).
No, ITS has not seen any effect on folder\files used with Google Drive. When the Google Desktop Sync app copies the folders\files to Google Drive they are not encrypted. This is because the utility has access to the necessary keys during the sync process. When folders/files are copied to the Desktop Google Drive, they will be encrypted.
To view the data protection status, open the Sophos Endpoint Agent app. You should see the message: Your device is protected.
To view the data protection status, open the Sophos Device Encryption app. You should see a green icon next to the disk name (ex. Macintosh HD).