nd.gov - The Official Portal for North Dakota State Government
North Dakota: Legendary. Follow the trail of legends

Endpoint Encryption

Endpoint encryption refers to encrypting the data stored on "endpoints," such as laptops, phones, and tablets. Encryption is the process of transferring normal words and numbers, called plain text, into an unreadable form of letters, numbers, and symbols, called ciphertext, which cannot be easily read without the key from authorized people. 

The state utilizes two different software pieces to handle encrypted drives. The first is Wave, a hardware-based encryption, and the other is Bitlocker, a software-based encryption. Wave encrypts the whole hard drive and is only able to be decrypted by a user entering in a password to get access.  After the password is entered correctly, it will boot into the operating system and allow them to work. To use this kind of encryption, you must have a self-encrypted drive (SED) that will allow Wave to manage the device. Bitlocker is enabled within the operating system. Users will only have to enter a key if an unauthorized party tries to access the hard drive while it’s powered off. Because it’s based on the operating system, if a hard drive is wiped, Bitlocker Encryption will also be wiped off.

Wave Systems Update (3/16/16)

Wave Systems has declared bankruptcy; therefore, ITD is in the process of selecting and implementing an alternative solution for agencies that currently utilize Wave. This page will be updated once a new solution is available. Contact the Service Desk for more information.

Benefits:

  • Data Protection – Even if a device is lost or stolen, a hacker would need to break an encryption key in addition to a password to get into the device and access the data. Because the encryption key is usually decoded during boot-up, your data will still be safe even if the hard drive is removed from a device and plugged into an external reader.
  • Prevents Boot Modifications – If someone is trying to get access to the data stored on this device by booting into a USB or CD drive, they will not be able to get that data.  This is because the drive is locked when trying to boot from another device until it is authorized.

Requesting Service

ITD's online Work Management System (WMS) may be used to submit a "Generic" service request.

Associated Rates

Title Current Rate Current One Time Fee
Endpoint Hard Drive Encryption - Hardware Based (WAVE) 2.65/user 71.00/user
Endpoint Hard Drive Encryption - Software Based (BitLocker) 2.00/user 45.50/user

Related Standards and Guidelines

Encryption

Ensures that sensitive information is encrypted.

News

Wave Systems Service Discontinuation Posted: Wednesday, March 16, 2016 - 7:53pmNews

Wave Systems, a developer of hardware based encryption technology used by the state, has filed for bankruptcy. ITD will provide updates on this topic through the monthly Information Technology Coordinators Council meeting.