Skip to Main Content

Research Data Management (RDM): Encryption

One stop shop for all things related to Research Data and how to manage your data throughout its entire lifecycle


Encryption is the process of converting data into an unreadable code. Only those with the relevant password or decryption key are able to open the encrypted file.
It is recommended to encrypt sensitive data at all times. This applies regardless of whether data are being held on local storage, on network storage, or in the cloud.
Encryption will help ensure your data cannot be accessed by others should anyone attempt to access your files, for example if your laptop or other storage device were lost or stolen.
Generally, data encrypted with some software using an encryption key or passphrase/password can only be decrypted/converted back to its original form using the same method.

Basic principles 
• Applies an algorithm that makes a file unreadable 
• Needs a ‘key’ of some kind (passphrase or / and file) to decrypt


Encrypting Windows computers

Microsoft Windows comes in various versions. The most professional of these "enterprises”, supports whole disk encryption.
Earlier versions of Windows (Windows 7 and Windows 8) support encryption for the professional versions but not for "home" editions.
BitLocker drive encryption should be available on CDU ITMS-managed Windows computers. If your desktop or laptop doesn't have this, contact the CDU ITMS through LogIT.


Bitlocker is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.


Bitlocker prevents:

•    Offline Attack

Bitlocker prevents the type of attack where a malicious user will take the hard drive from your computer and connect it to another computer so they can harvest your data.

•    LiveCD Attack

If a malicious user boots from an alternate Operating System, either from hard drive or from a removable device such as a LiveCD the disk contents cannot be read.

•    End of Life Leakage

When you re-cycle or dispose of your computer, your data remains encrypted as long as you delete the encryption codes.

Bitlocker does not protect ...

It is a misconception that your password unlocks Bitlocker. Any valid user logging in to the computer decrypts the disk. To protect your computer, you have to make sure that all the users who may log in to it require passwords. Disable all guest login accounts from a BitLocker computer, otherwise hard disk encryption is of no use.


Encrypting macOS devices 

CDU ITMS does not provide support and software to macOS devices.

If you conduct your research on macOS, see this Apple support article. You can create and locally store a recovery key, or from OS X 10.10.5 onwards store this key in your iCloud account.

Read more about Protecting your Mac information with encryption on the macOS user guide.



BitLocker-encrypted drives/volumes can't be accessed from non-Windows operating systems such as Linux or Mac, or older versions of Windows, including XP.

Encrypting an external drive or some removable media using a particular platform/operating system will likely tie it to that platform – for example, a drive encrypted with Windows BitLocker can't be unlocked and read on MacOS.

If you forget or lose the password/passphrase used to encrypt a device in this way, data will not be retrievable.

ITMS can only provide support and assistance on devised provided and managed by CDU.



Recovery Mechanism

A forgotten or lost encryption passphrase or recovery key means you will permanently lose the ability to decrypt and access the encrypted data. For CDU ITMS-managed devices, recovery keys for Windows BitLocker can be managed by CDU ITMS. 

For non-CDU ITMS managed and personal devices, you should store encryption passphrases and recovery keys in a secure and accessible location or service, such as 1Password. CDU ITMS can provide the licence to 1Password upon request through LogIT, provided it is supported by your line manager or a supervisor. 




• Strong passwords are crucial

• Avoid using weak or easy-to-guess passwords and reusing passwords

• Consider password managers, complex passwords or stringing words together to create stronger passwords

It is recommended to use:

  • at least eight characters  or more;
  • contain three of: uppercase characters, lowercase characters, numbers, punctuation/special characters and;
  • not contain or be based on your CDU single sign-on password, account name, your name, or something that can be readily guessed.

• But, remember that you need to be able to remember the passwords!

 Why does this matter?

No matter how good the encryption is that you used, if you use a weak password, the encryption will offer little protection.

A simple way to pick a resilient password that you can remember is to combine at least three or four random unrelated words of four letters or more. In general, the longer the password, the more secure it is.


Charles Darwin University acknowledges the traditional custodians across the lands on which we live and work, and we pay our respects to Elders both past and present.
CRICOS Provider No: 00300K (NT/VIC) 03286A (NSW) RTO Provider No: 0373 Privacy StatementCopyright and DisclaimerFeedback • ABN 54 093 513 649