Educause Security Discussion mailing list archives
Re: Tableau for Student's data Analytics
From: "Klein Keane, Justin" <Klein_KeaneJ () MLHS ORG>
Date: Tue, 22 Aug 2017 15:14:08 +0000
Hello, I responded to Ronald offline, but for the sake of everyone else, we are looking at Tableau as well, especially since a lot of vendors are now producing data that is formatted for the free Tableau Reader program. This means that a lot of organizations (mine included) are now being asked to install Tableau Reader on workstations so that employees can ingest, review, and analyze data from third parties. Evaluating Tableau Reader is difficult since we’re not a customer and Tableau has been completely unresponsive to our requests for details around the security of this program and potential impact on our security profile and overall risk assessment. I’m happy to share responses we get from Tableau, if we ever receive any, and would be keenly interested in anyone else’s experience. Cheers, Justin C. Klein Keane, MA MCIT CEPT C|EH Security Architect Enterprise Architecture and Security Main Line Health Information Technology https://www.mainlinehealth.org/ klein_keanej () mlhs org<mailto:klein_keanej () mlhs org> 484-596-2203 From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hart, Michael Sent: Tuesday, August 22, 2017 11:10 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [EXTERNAL] Re: [SECURITY] Tableau for Student's data Analytics This message originated from outside MLHS systems. Any attachments or links should be carefully considered before proceeding. Please contact the Help Desk at 484-596-4357 with any questions or forward a questionable email to HelpDesk () mlhs org<mailto:HelpDesk () mlhs org> ________________________________ The timing of this email is interesting. I received it while I was in a meeting with our business intelligence and institutional research folks talking about how to securely utilize Tableau in their departments. I’m also interested in hearing from any institutions with Tableau experience. I’m hoping to involve our Data Warehouse team and DBAs to help us create appropriate processes and policies around Tableau. Any input would be greatly appreciated. Mike Hart | CISO, Director of ITS Security, Infrastructure, and Networking Metropolitan State University of Denver Information Technology Services Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362 Admin Building - 1201 5th Street 480E Denver, CO 80204 303-615-0541 (Office) 303-352-7548 (Help Desk) mhart20 () msudenver edu<mailto:mhart20 () msudenver edu> | www.msudenver.edu/technology<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.msudenver.edu_technology&d=DwMGaQ&c=qqcbk_QeabW4Z7GBhIMNtn_B7aQjktEuWNmUvrzri9o&r=T6Gkm-QA6wMUGmtyL0hrMz5ZqqoLGv5jfrNlZvfp68Q&m=rXJgkYzA7Jw0ML7GQId4WErHLtr2hjqwbbgodSDLKLw&s=ME616t0g_T94hbJSA-g2hfoqYXONPe2jq876U9RRDao&e=> [University_Formal_2CPos[1]] From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ronald King Sent: Tuesday, August 22, 2017 8:20 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Tableau for Student's data Analytics Good morning all, We have been approached by Academic Affairs to participate in a project to possibly use Tableau for data analytics of our student (FERPA) data. We are looking at whether to have it hosted or on premises and potentially have a direct feed from our Student Information System (SIS). While we have the expected concerns related to any cloud service accessing the SIS, what is really concerning is the access to student data. Red flags started to fly almost immediately. So, my questions to the group: * Is anyone using Tableau for data analytics for enrollment data and student records? * What privacy concerns do you have even if the student records are "de-identified?" (Even if we remove names, socials and student numbers, there are still ways to identify individuals based on other data sets.) * Do we need student permission to provide their "de-identified" data to a cloud service? * Is there any advise you can offer? Please feel free to contact me directly via email or phone. Thank you very much for your time. Ronald A. King, CISSP Chief Information Security Officer Morgan State University Office: (443) 885-3372 1700 E. Cold Spring Ln. Email: ronald.king () morgan edu<mailto:ronald.king () morgan edu> Baltimore, MD 21251 URL: http://www.morgan.edu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.morgan.edu&d=DwMGaQ&c=qqcbk_QeabW4Z7GBhIMNtn_B7aQjktEuWNmUvrzri9o&r=T6Gkm-QA6wMUGmtyL0hrMz5ZqqoLGv5jfrNlZvfp68Q&m=rXJgkYzA7Jw0ML7GQId4WErHLtr2hjqwbbgodSDLKLw&s=mlC4-Qmn_AE8yzx_mWgERTenJfxKvKPf5nSXeP4M0Uw&e=> Growing the future ... Leading the world<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.morgan.edu_Documents_ABOUT_StrategicPlan_StrategicPlan2011-2D21-5FFinal.pdf&d=DwMGaQ&c=qqcbk_QeabW4Z7GBhIMNtn_B7aQjktEuWNmUvrzri9o&r=T6Gkm-QA6wMUGmtyL0hrMz5ZqqoLGv5jfrNlZvfp68Q&m=rXJgkYzA7Jw0ML7GQId4WErHLtr2hjqwbbgodSDLKLw&s=Ot4MvOH5C_MtCpIez8q4uNT68-tEGs0yqsAjbjtPmA0&e=>
Current thread:
- Tableau for Student's data Analytics Ronald King (Aug 22)
- Re: Tableau for Student's data Analytics Hart, Michael (Aug 22)
- Re: Tableau for Student's data Analytics Klein Keane, Justin (Aug 22)
- Re: Tableau for Student's data Analytics Ronald King (Aug 22)
- Re: Tableau for Student's data Analytics Klein Keane, Justin (Aug 22)
- Re: Tableau for Student's data Analytics Hart, Michael (Aug 22)