BitLocker

Data encryption for Windows

BitLocker is a feature of Windows that encrypts your data to keep it safe from unauthorized access. Using BitLocker Whole Disk Encryption (WDE), your entire disk is encrypted. 

Please consult your security liaison or your local technical support provider before enabling this feature on any Cornell-owned hardware.

Encryption is the process of scrambling data to make it unreadable to anyone who does not possess the proper key. When you encrypt an entire disk using BitLocker, all of the files on the computer are encrypted, including:

  • Operating system files
  • Application files
  • Data files
  • Swap files
  • Free space
  • Temp files

When you log on to an encrypted computer, your drive is decrypted. When you shut down your system, the drive is re-encrypted. This means that, when your device is powered off, your disk is protected against use by others.

Remember that once you unlock a disk, its files are available to you AND anyone else who can physically use your system. If you leave your system unattended, your files are not encrypted.

University Policy 5.10: Information Security requires full-disk encryption for all university-owned desktops, laptops, smartphones, tablets, and other portable computing devices. Specific exceptions are defined within the policy. Check with your local security liaison or technical support provider.

There is no minimum or maximum size for a BitLocker WDE-encrypted disk. All Windows power management modes (Hibernation, Standby, Suspend) are supported.

Because BitLocker is a component of the Windows operating system, it is not available for Macs. For Macs, use FileVault instead.

Service Details

Cost: No Fee

Regulated Data: Not applicable or information not available.

Support Contact:
