Educause Security Discussion mailing list archives
Re: IdentityFinder - Data Discovery Software
From: Ben Woelk <fbwis () RIT EDU>
Date: Thu, 29 Aug 2013 13:54:51 +0000
At the Rochester Institute of Technology, we are completing our third year of enterprise use of Identity Finder software for ~3400 faculty and staff. It's not a short-term effort. To increase our likelihood of success, we made sure we built robust processes for remediation as part of our deployment. • We have managed remediation by working through "business reps" in our organizational units and with technical reps/centralized IT to ensure that the agent is installed where it needs to be. • Most users get monthly scans of their endpoints that we initiate. • We furnish monthly reports to the business reps and they work with end users to ensure that they remediate the private information found. • We provide additional deskside support, leveraging our co-op students, focused on those with a large amount of unprotected matches for those individuals who request assistance (or whose business rep requests assistance). • We use the exception process we established for our security standards several years ago and track exceptions in Footprints. • When advantageous, we've excluded certain file types, etc. to reduce the rate of false positives. We are currently in a gap closure mode to ensure that the agent is installed where it should be. We have used Identity Finder to make significant progress in reducing the amount of unprotected PI. At the 2011 Security Professionals Conference, I presented as part of a panel on remediating Private Information. Those resources are at http://www.educause.edu/events/security-professionals-conference/2011/way-too-much-private-information-how-were-fixing-problem-our-place Our user resources can be found at www.rit.edu/security<http://www.rit.edu/security>. Choose the PIMI dropdown menu to access the resources. If you need more info on our process or technical best practices, please let me know. Ben Woelk '07 Private Information Management Initiative Project Manager Policy and Awareness Analyst Information Security Office Rochester Institute of Technology ROS 10-A204 151 Lomb Memorial Drive Rochester, New York 14623 585.475.4122 585.475.7920 fax ben.woelk () rit edu<mailto:ben.woelk () rit edu> http://security.rit.edu/dsd.html Become a fan of RIT Information Security at http://rit.facebook.com/RITInfosec<http://rit.facebook.com/profile.php?id=6017464645> Follow us on Twitter: http://twitter.com/RIT_InfoSec CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information. -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kyle Crain Sent: Thursday, August 29, 2013 9:12 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] IdentityFinder - Data Discovery Software Good Morning, While we at Penn State do utilize the Identity Finder tool it should be noted that the case study being refered to is for The University of Pennsylvania which is a completely separate institution. We at PSU did do a presentation at Educause 2013 titled "Data Loss Prevention in Higher Education" and while the presentation was ment to be product agnostic it gives a good overview of what our process looks like. If you are interested, a recording is available at http://www.educause.edu/events/security-professionals-conference/2013/2013/administration-data-loss-prevention-services-higher-education. Thank you, Kyle Crain Systems and Network Security Analyst Security Operations and Services The Pennsylvania State University http://sos.its.psu.edu From: "Vern W Wilkins" <vwilkins () INDIANA EDU<mailto:vwilkins () INDIANA EDU>> To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Sent: Wednesday, August 28, 2013 5:01:02 PM Subject: Re: [SECURITY] IdentityFinder - Data Discovery Software We’ve found Identity Finder to be a very difficult tool to use efficiently, in a large enterprise environment. I’ll keep my response short and just say that I would not consider this tool enterprise-ready. It’s typical of software that is designed with the assumption that it will be installed and run by a single user, on their own machine. If a single user is going to use the tool, to scan data they are familiar with, and they have a lot of IT assistance, the tool works reasonably well. I would expect that most IT professionals would rather use the tool in a way that is more centralized and IT-managed, which in my opinion is where the software falls short. In our environment (an academic library), the number of false positives we are seeing is very high. We have a tremendous number of documents containing numbers that have the same format as social security numbers and various credit card numbers. It’s very labor intensive, either on the part of IT staff, users, or both, depending on how you want to split the workload of installing and running the tool, dealing with results, and adjusting the configuration. Aggregating or separating results (depending on how you perform the scans and what is scanned) of a large number of scans is especially time intensive, as is managing exceptions. Although not necessarily a weakness of the tool itself, managing scans for multi-user resources has also been somewhat labor intensive for us. Examples include scanning workstations or departmental shares used by many people. Because of the large number of difficulties we have encountered trying to have IT staff run and manage this centrally, we are now leaning more towards having users run the scans, and running our own scans from IT only as confirmation that the users are appropriately using the tool and taking action as needed. Obviously this still requires a great deal of user education and training, and IT staff will still need to provide a lot of assistance. The Penn State case study seemed to indicate that IT staff was going around and installing the software, and running the scans, which just seems to reinforce our experience that there’s not a very efficient way to use this tool in a large, complex, environment. I don’t see any mention in the Penn State study of how results were handled, how exceptions were managed, etc. I assume that this would all be done with the help of IT staff, at the time of the first scan, which would add tremendously to the time commitment. Vern Wilkins Manager Library Technologies Core Services Indiana University Libraries Bloomington, IN From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () listserv educause edu] On Behalf Of Carlos Lobato Sent: Monday, August 19, 2013 3:47 PM To: SECURITY () listserv educause edu<mailto:SECURITY () listserv educause edu> Subject: [SECURITY] IdentityFinder - Data Discovery Software Hello All, Here at New Mexico State University we are thinking in evaluating IdentityFinder, but we would like to hear from those of you who are using another similar tool. If you are using a tool similar to IdentityFinder please let us know the name of the tool, how long you have had it and if you are satisfied. Thanks in advance, Carlos S. Lobato, CISA, CIA IT Compliance Officer New Mexico State University Information and Communication Technologies MSC 3AT PO Box 30001 Las Cruces, NM 88003-8001 Phone: 575-646-5902 Fax: 575-646-5278 Email: clobato () nmsu edu<mailto:clobato () nmsu edu>
Current thread:
- IdentityFinder - Data Discovery Software Carlos Lobato (Aug 19)
- Re: IdentityFinder - Data Discovery Software Valerie Vogel (Aug 20)
- Re: IdentityFinder - Data Discovery Software Wilkins, Vern W (Aug 28)
- Message not available
- Re: IdentityFinder - Data Discovery Software Kyle Crain (Aug 29)
- Re: IdentityFinder - Data Discovery Software Ben Woelk (Aug 29)
- Message not available
- <Possible follow-ups>
- Re: IdentityFinder - Data Discovery Software Volz, Donald D (Aug 29)