Data Encryption FAQ: Removable Media Basics
Available upon request to be enabled on all workstations at a future date.
- What is removable media encryption?
- What are EMS and Dell Data Protection Encryption?
- How does media encryption work?
- Will encryption change how I use applications?
- Can I use encrypted media on my home PC?
- Do I access encrypted media the same way on any PC?
- What media or devices can be encrypted?
- Will I be prompted to encrypt every device connected to my PC?
- Will my phone or any memory cards inserted in my phone be encrypted?
- Will a memory card in my phone ever be encrypted?
- If prompted, should I encrypt memory cards that are used in my phone?
- What if a removable device no longer functions properly after encryption?
What is removable media encryption?
It is a way of protecting data that is stored on USB flash drives, cameras, and other removal media so only authorized users can access that data. This also ensures that data on lost or stolen media can't be read.
What are EMS and Dell Data Protection Encryption?
Dell Data Protection Encryption is the product that is installed on a UC Irvine Medical Center PC to protect removable media via External Media Shield (EMS) encryption.
How does media encryption work?
The general process is:
- Encryption Software is installed on your UC Irvine Medical Center PC.
- For users that have EMS enabled you are prompted to encrypt any unprotected media you insert in your work PC.
- You have the option to encrypt that media or not. No media is encrypted without your approval.
- If you select NOT to encrypt your external media you will have FULL ACCESS to the media.
Note: If you choose not to encrypt the data on your removable media, you are fully responsible for all data on the device and attest that restricted data will not be stored unprotected on the unencrypted removable media.
- Once you approve, you set a password for future access to that media.
- Once your password is set, the software automatically provisions a client, secured encryption keys, and policies to the media. We call this process Shielding.
- From that point on, all data added to or edited on the media is automatically encrypted.
Will encryption change how I use applications?
No. Applications won't even notice the encryption process because it's done automatically in memory.
Can I use encrypted media on my home PC?
Yes. Policies and encryption keys travel with the media so you can access encrypted data via any Windows computer, even your home system that is not protected by encryption software.
Do I access encrypted media the same way on any PC?
No. There is one process for accessing that media from a protected UC Irvine Medical Center PC and a slightly different process for accessing it from another PC that is not running encryption software. Specific workflows are described later in this FAQ.
What media or devices can be encrypted?
In general, the software on your UC Irvine Medical Center PC will offer to protect any media or device (USB drives, SD cards, iPods, external hard drives, etc.) connected via the following interfaces, even if Windows designates them as something other than removable media:
- Compact Flash bus
- Secure Digital (SD) bus
Will I be prompted to encrypt every device connected to my PC?
No. UCI Health may define policy to exclude some specific devices from encryption. If you insert one of these "Whitelisted" devices, you will not be prompted to encrypt it even if it does satisfy the criteria described above.
Will my phone or any memory cards inserted in my phone be encrypted?
No. The software recognizes phones and will not ask to encrypt them or any SD memory cards that are inserted in your phone. The one exception is described in the next answer.
Will a memory card in my phone ever be encrypted?
Mounting a memory card as though it's inserted directly in your PC is the one exception to the previous answer. If you have an SD memory card in your phone, some newer phones will allow you to mount that SD card as though it's inserted directly into your PC. In this case you will be prompted to encrypt the memory card.
If prompted, should I encrypt memory cards that are used in my phone?
No. It is best not to encrypt the memory card in this case as it will render that card unreadable to your phone until it is decrypted.
What if a removable device no longer functions properly after encryption?
Remember that we will never encrypt something without your approval so it's likely you will never have this problem. About the only time EMS will negatively impact the functionality of a removable device is if the device operating system or similar files get encrypted. Even if this happens, it's not a problem as service desk can help you decrypt the removable device, which will fully restore all functionality.