Re: IdentityFinder - Data Discovery Software

[Kyle Crain <kdc12 () PSU EDU>]

Good Morning,

While we at Penn State do utilize the Identity Finder tool it should be 
noted that the case study being refered to is for The University of 
Pennsylvania which is a completely separate institution.

We at PSU did do a presentation at Educause 2013 titled "Data Loss 
Prevention in Higher Education" and while the presentation was ment to be 
product agnostic it gives a good overview of what our process looks like. If 
you are interested, a recording is available at 
http://www.educause.edu/events/security-professionals-conference/2013/2013/administration-data-loss-prevention-services-higher-education.

Thank you,

Kyle Crain
Systems and Network Security Analyst
Security Operations and Services
The Pennsylvania State University
http://sos.its.psu.edu


From: "Vern W Wilkins" <vwilkins () INDIANA EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Wednesday, August 28, 2013 5:01:02 PM
Subject: Re: [SECURITY] IdentityFinder - Data Discovery Software



We’ve found Identity Finder to be a very difficult tool to use efficiently, 
in a large enterprise environment. I’ll keep my response short and just say 
that I would not consider this tool enterprise-ready. It’s typical of 
software that is designed with the assumption that it will be installed and 
run by a single user, on their own machine. If a single user is going to use 
the tool, to scan data they are familiar with, and they have a lot of IT 
assistance, the tool works reasonably well. I would expect that most IT 
professionals would rather use the tool in a way that is more centralized 
and IT-managed, which in my opinion is where the software falls short.



In our environment (an academic library), the number of false positives we 
are seeing is very high. We have a tremendous number of documents containing 
numbers that have the same format as social security numbers and various 
credit card numbers. It’s very labor intensive, either on the part of IT 
staff, users, or both, depending on how you want to split the workload of 
installing and running the tool, dealing with results, and adjusting the 
configuration. Aggregating or separating results (depending on how you 
perform the scans and what is scanned) of a large number of scans is 
especially time intensive, as is managing exceptions. Although not 
necessarily a weakness of the tool itself, managing scans for multi-user 
resources has also been somewhat labor intensive for us. Examples include 
scanning workstations or departmental shares used by many people.



Because of the large number of difficulties we have encountered trying to 
have IT staff run and manage this centrally, we are now leaning more towards 
having users run the scans, and running our own scans from IT only as 
confirmation that the users are appropriately using the tool and taking 
action as needed. Obviously this still requires a great deal of user 
education and training, and IT staff will still need to provide a lot of 
assistance.



The Penn State case study seemed to indicate that IT staff was going around 
and installing the software, and running the scans, which just seems to 
reinforce our experience that there’s not a very efficient way to use this 
tool in a large, complex, environment. I don’t see any mention in the Penn 
State study of how results were handled, how exceptions were managed, etc. I 
assume that this would all be done with the help of IT staff, at the time of 
the first scan, which would add tremendously to the time commitment.



Vern Wilkins

Manager Library Technologies Core Services

Indiana University Libraries

Bloomington, IN





From: The EDUCAUSE Security Constituent Group Listserv 
[mailto:SECURITY () listserv educause edu] On Behalf Of Carlos Lobato
Sent: Monday, August 19, 2013 3:47 PM
To: SECURITY () listserv educause edu
Subject: [SECURITY] IdentityFinder - Data Discovery Software





Hello All,



Here at New Mexico State University we are thinking in evaluating 
IdentityFinder, but we would like to hear from those of you who are using 
another similar tool.



If you are using a tool similar to IdentityFinder please let us know the 
name of the tool, how long you have had it and if you are satisfied.



Thanks in advance,




Carlos S. Lobato, CISA, CIA

IT Compliance Officer



New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM 88003-8001



Phone: 575-646-5902

Fax: 575-646-5278



Email: clobato () nmsu edu