Educause Security Discussion mailing list archives

Re: IdentityFinder - Data Discovery Software


From: Ben Woelk <fbwis () RIT EDU>
Date: Thu, 29 Aug 2013 13:54:51 +0000

At the Rochester Institute of Technology, we are completing our third year of enterprise use of Identity Finder 
software for ~3400 faculty and staff. It's not a short-term effort.

To increase our likelihood of success, we made sure we built robust processes for remediation as part of our deployment.
• We have managed remediation by working through "business reps" in our organizational units and with technical reps/centralized IT to ensure that the agent is installed where it needs to be.
• Most users get monthly scans of their endpoints that we initiate.
• We furnish monthly reports to the business reps and they work with end users to ensure that they remediate the private information found.
• We provide additional deskside support, leveraging our co-op students, focused on those with a large amount of unprotected matches for those individuals who request assistance (or whose business rep requests assistance).
• We use the exception process we established for our security standards several years ago and track exceptions in Footprints.
• When advantageous, we've excluded certain file types, etc. to reduce the rate of false positives.

We are currently in a gap closure mode to ensure that the agent is installed where it should be. We have used Identity 
Finder to make significant progress in reducing the amount of unprotected PI.

At the 2011 Security Professionals Conference, I presented as part of a panel on remediating Private Information. Those 
resources are at 
http://www.educause.edu/events/security-professionals-conference/2011/way-too-much-private-information-how-were-fixing-problem-our-place

Our user resources can be found at http://www.rit.edu/security. Choose the PIMI dropdown menu to 
access the resources. If you need more info on our process or technical best practices, please let me know.



Ben Woelk '07
Private Information Management Initiative Project Manager
Policy and Awareness Analyst
Information Security Office
Rochester Institute of Technology
ROS 10-A204
151 Lomb Memorial Drive
Rochester, New York 14623
585.475.4122
585.475.7920 fax
ben.woelk () rit edu
http://security.rit.edu/dsd.html

Become a fan of RIT Information Security at http://rit.facebook.com/RITInfosec

Follow us on Twitter: http://twitter.com/RIT_InfoSec





-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kyle Crain
Sent: Thursday, August 29, 2013 9:12 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] IdentityFinder - Data Discovery Software

Good Morning,

While we at Penn State do utilize the Identity Finder tool, it should be noted that the case study being referred to is 
for The University of Pennsylvania, which is a completely separate institution.

We at PSU did do a presentation at Educause 2013 titled "Data Loss Prevention in Higher Education" and while the 
presentation was meant to be product agnostic it gives a good overview of what our process looks like. If you are 
interested, a recording is available at 
http://www.educause.edu/events/security-professionals-conference/2013/2013/administration-data-loss-prevention-services-higher-education.

Thank you,

Kyle Crain
Systems and Network Security Analyst
Security Operations and Services
The Pennsylvania State University
http://sos.its.psu.edu


From: "Vern W Wilkins" <vwilkins () INDIANA EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Wednesday, August 28, 2013 5:01:02 PM
Subject: Re: [SECURITY] IdentityFinder - Data Discovery Software



We’ve found Identity Finder to be a very difficult tool to use efficiently, in a large enterprise environment. I’ll 
keep my response short and just say that I would not consider this tool enterprise-ready. It’s typical of software that 
is designed with the assumption that it will be installed and run by a single user, on their own machine. If a single 
user is going to use the tool, to scan data they are familiar with, and they have a lot of IT assistance, the tool 
works reasonably well. I would expect that most IT professionals would rather use the tool in a way that is more 
centralized and IT-managed, which in my opinion is where the software falls short.



In our environment (an academic library), the number of false positives we are seeing is very high. We have a 
tremendous number of documents containing numbers that have the same format as social security numbers and various 
credit card numbers. It’s very labor intensive, either on the part of IT staff, users, or both, depending on how you 
want to split the workload of installing and running the tool, dealing with results, and adjusting the configuration. 
Aggregating or separating results (depending on how you perform the scans and what is scanned) of a large number of 
scans is especially time intensive, as is managing exceptions. Although not necessarily a weakness of the tool itself, 
managing scans for multi-user resources has also been somewhat labor intensive for us. Examples include scanning 
workstations or departmental shares used by many people.



Because of the large number of difficulties we have encountered trying to have IT staff run and manage this centrally, 
we are now leaning more towards having users run the scans, and running our own scans from IT only as confirmation that 
the users are appropriately using the tool and taking action as needed. Obviously this still requires a great deal of 
user education and training, and IT staff will still need to provide a lot of assistance.



The Penn State case study seemed to indicate that IT staff was going around and installing the software, and running 
the scans, which just seems to reinforce our experience that there’s not a very efficient way to use this tool in a 
large, complex, environment. I don’t see any mention in the Penn State study of how results were handled, how 
exceptions were managed, etc. I assume that this would all be done with the help of IT staff, at the time of the first 
scan, which would add tremendously to the time commitment.



Vern Wilkins

Manager Library Technologies Core Services

Indiana University Libraries

Bloomington, IN





From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () listserv educause edu] On Behalf Of Carlos Lobato
Sent: Monday, August 19, 2013 3:47 PM
To: SECURITY () listserv educause edu
Subject: [SECURITY] IdentityFinder - Data Discovery Software





Hello All,



Here at New Mexico State University we are thinking of evaluating
IdentityFinder, but we would like to hear from those of you who are using
another similar tool.



If you are using a tool similar to IdentityFinder please let us know the
name of the tool, how long you have had it and if you are satisfied.



Thanks in advance,




Carlos S. Lobato, CISA, CIA

IT Compliance Officer



New Mexico State University

Information and Communication Technologies

MSC 3AT PO Box 30001

Las Cruces, NM 88003-8001



Phone: 575-646-5902

Fax: 575-646-5278



Email: clobato () nmsu edu

