Educause Security Discussion mailing list archives
Re: IdentityFinder - Data Discovery Software
From: Kyle Crain <kdc12 () PSU EDU>
Date: Thu, 29 Aug 2013 09:11:31 -0400
Good Morning, While we at Penn State do utilize the Identity Finder tool it should be noted that the case study being refered to is for The University of Pennsylvania which is a completely separate institution. We at PSU did do a presentation at Educause 2013 titled "Data Loss Prevention in Higher Education" and while the presentation was ment to be product agnostic it gives a good overview of what our process looks like. If you are interested, a recording is available at http://www.educause.edu/events/security-professionals-conference/2013/2013/administration-data-loss-prevention-services-higher-education. Thank you, Kyle Crain Systems and Network Security Analyst Security Operations and Services The Pennsylvania State University http://sos.its.psu.edu From: "Vern W Wilkins" <vwilkins () INDIANA EDU> To: SECURITY () LISTSERV EDUCAUSE EDU Sent: Wednesday, August 28, 2013 5:01:02 PM Subject: Re: [SECURITY] IdentityFinder - Data Discovery Software We’ve found Identity Finder to be a very difficult tool to use efficiently, in a large enterprise environment. I’ll keep my response short and just say that I would not consider this tool enterprise-ready. It’s typical of software that is designed with the assumption that it will be installed and run by a single user, on their own machine. If a single user is going to use the tool, to scan data they are familiar with, and they have a lot of IT assistance, the tool works reasonably well. I would expect that most IT professionals would rather use the tool in a way that is more centralized and IT-managed, which in my opinion is where the software falls short. In our environment (an academic library), the number of false positives we are seeing is very high. We have a tremendous number of documents containing numbers that have the same format as social security numbers and various credit card numbers. It’s very labor intensive, either on the part of IT staff, users, or both, depending on how you want to split the workload of installing and running the tool, dealing with results, and adjusting the configuration. Aggregating or separating results (depending on how you perform the scans and what is scanned) of a large number of scans is especially time intensive, as is managing exceptions. Although not necessarily a weakness of the tool itself, managing scans for multi-user resources has also been somewhat labor intensive for us. Examples include scanning workstations or departmental shares used by many people. Because of the large number of difficulties we have encountered trying to have IT staff run and manage this centrally, we are now leaning more towards having users run the scans, and running our own scans from IT only as confirmation that the users are appropriately using the tool and taking action as needed. Obviously this still requires a great deal of user education and training, and IT staff will still need to provide a lot of assistance. The Penn State case study seemed to indicate that IT staff was going around and installing the software, and running the scans, which just seems to reinforce our experience that there’s not a very efficient way to use this tool in a large, complex, environment. I don’t see any mention in the Penn State study of how results were handled, how exceptions were managed, etc. I assume that this would all be done with the help of IT staff, at the time of the first scan, which would add tremendously to the time commitment. Vern Wilkins Manager Library Technologies Core Services Indiana University Libraries Bloomington, IN From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () listserv educause edu] On Behalf Of Carlos Lobato Sent: Monday, August 19, 2013 3:47 PM To: SECURITY () listserv educause edu Subject: [SECURITY] IdentityFinder - Data Discovery Software Hello All, Here at New Mexico State University we are thinking in evaluating IdentityFinder, but we would like to hear from those of you who are using another similar tool. If you are using a tool similar to IdentityFinder please let us know the name of the tool, how long you have had it and if you are satisfied. Thanks in advance, Carlos S. Lobato, CISA, CIA IT Compliance Officer New Mexico State University Information and Communication Technologies MSC 3AT PO Box 30001 Las Cruces, NM 88003-8001 Phone: 575-646-5902 Fax: 575-646-5278 Email: clobato () nmsu edu
Current thread:
- IdentityFinder - Data Discovery Software Carlos Lobato (Aug 19)
- Re: IdentityFinder - Data Discovery Software Valerie Vogel (Aug 20)
- Re: IdentityFinder - Data Discovery Software Wilkins, Vern W (Aug 28)
- Message not available
- Re: IdentityFinder - Data Discovery Software Kyle Crain (Aug 29)
- Re: IdentityFinder - Data Discovery Software Ben Woelk (Aug 29)
- Message not available
- <Possible follow-ups>
- Re: IdentityFinder - Data Discovery Software Volz, Donald D (Aug 29)