Encrypting Media

Your organization's policy defines access to business and non-business data. Your policy may allow access only to business data, which is encrypted. As an alternative, your policy can allow access to business and non-business data, but the business data must be encrypted and password protected. In this case, Media Encryption creates two drives on the physical storage device. One encrypted drive for business data and a non-encrypted drive for non-business data.

If you have the required permissions you can:

  • Configure a password that gives users full access to the encrypted drive.

  • Configure the percentage of the physical device to be encrypted. For example, if you encrypt 50% of a device, the encrypted (business data) drive occupies 50% of the physical device. The remainder is assigned to a non-encrypted (non-business data) drive. When you import and encrypt files, they are always put on the business data drive.

    Note - If you configure a drive that is smaller than the volume of data you want to encrypt, the encryption procedure fails.w

    Important - We recommend that you do not encrypt non-computer external devices such as: digital cameras, Smartphones, MP3 players, and the like. Do not encrypt removable media that can be connected to such devices.

To encrypt a new storage device:

  1. Connect a removable storage device (CD, DVD, USB) to your computer.

    Note - In addition, you can start the encryption procedure by dragging a business data file to a storage device in Windows Explorer that has not been encrypted. In the Files Must be Encrypted window, click Encrypt. Continue with Step 3.

  2. From Media Encryption & Port Protection, select a device and click Create Encrypted Storage.

    The Removable Device Encryption window opens. The options shown are set by your administrator. In addition, you can encrypt and decrypt devices

  3. In the Removable Device Encryption window, configure the available options. If you do not see an option, that option is not allowed by your policy.

    • Set a password to allow full access to the device while online (connected to your network) and offline.

    • Select a percentage of the storage device to encrypt (not available for CDs or DVDs).

  4. Optional (if available).

    Click Advanced Settings to:

    • Set a password for read-only access to the device.

    • Set an owner for the device (not available for CDs or DVDs). Usually, the administrator sets a policy that only the owner of the device can access the files on the device. Select one of these options:

      • Media owner will be assigned on first use - The first user to connect the storage device d to an endpoint computer automatically becomes the owner.

      • Assign media to a user: Assign ownership to the user running the encryption (that is, you) or click Browse to select a user from the active domain.

  5. Click Encrypt.

  6. If you are encrypting a CD or DVD, a window opens where you can add and remove the files that will be copied to the encrypted drive on the disk.

    1. Go up one step in the folder structure.

    2. Add files or add an entire folder copy to the disk.

    3. Select and delete any file or folder that you do not want to copy to the disk.

    4. Click Next. The files are copied to the disk.

    5. A message shows when the procedure completes.

    A window shows the encryption progress. Based on the type of storage device and the quantity of data, this procedure may take a long time.

    Warning - Do NOT remove the storage device during the encryption procedure. This destroys your data and may damage the storage device.

  7. When the Finish window opens, click Finish to complete the procedure.

The encrypted storage device status at this time shows as Encrypted in the Media Encryption & Port Protection window. Non-business data is not changed, deleted, or encrypted. It remains on the non-encrypted device.