Educause Security Discussion mailing list archives

Re: Tableau for Student's data Analytics

From: "Klein Keane, Justin" <Klein_KeaneJ () MLHS ORG>
Date: Tue, 22 Aug 2017 15:14:08 +0000
Hello,

  I responded to Ronald offline, but for the sake of everyone else, we are looking at Tableau as well, especially since 
a lot of vendors are now producing data that is formatted for the free Tableau Reader program.  This means that a lot 
of organizations (mine included) are now being asked to install Tableau Reader on workstations so that employees can 
ingest, review, and analyze data from third parties.  Evaluating Tableau Reader is difficult since we’re not a customer 
and Tableau has been completely unresponsive to our requests for details around the security of this program and 
potential impact on our security profile and overall risk assessment.

  I’m happy to share responses we get from Tableau, if we ever receive any, and would be keenly interested in anyone 
else’s experience.

Cheers,

Justin C. Klein Keane, MA MCIT CEPT C|EH
Security Architect
Enterprise Architecture and Security
Main Line Health Information Technology
https://www.mainlinehealth.org/
klein_keanej () mlhs org<mailto:klein_keanej () mlhs org>
484-596-2203

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Hart, 
Michael
Sent: Tuesday, August 22, 2017 11:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [EXTERNAL] Re: [SECURITY] Tableau for Student's data Analytics


This message originated from outside MLHS systems. Any attachments or links should be carefully considered before 
proceeding. Please contact the Help Desk at 484-596-4357 with any questions or forward a questionable email to HelpDesk 
() mlhs org<mailto:HelpDesk () mlhs org>

________________________________
The timing of this email is interesting.  I received it while I was in a meeting with our business intelligence and 
institutional research folks talking about how to securely utilize Tableau in their departments.

I’m also interested in hearing from any institutions with Tableau experience.  I’m hoping to involve our Data Warehouse 
team and DBAs to help us create appropriate processes and policies around Tableau.  Any input would be greatly 
appreciated.



Mike Hart  | CISO, Director of ITS Security, Infrastructure, and Networking
Metropolitan State University of Denver
Information Technology Services
Campus Box 96, P.O. Box 173362, Denver, CO 80217-3362
Admin Building - 1201 5th Street 480E  Denver, CO 80204
303-615-0541 (Office)
303-352-7548 (Help Desk)
mhart20 () msudenver edu<mailto:mhart20 () msudenver edu> | 
www.msudenver.edu/technology<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.msudenver.edu_technology&d=DwMGaQ&c=qqcbk_QeabW4Z7GBhIMNtn_B7aQjktEuWNmUvrzri9o&r=T6Gkm-QA6wMUGmtyL0hrMz5ZqqoLGv5jfrNlZvfp68Q&m=rXJgkYzA7Jw0ML7GQId4WErHLtr2hjqwbbgodSDLKLw&s=ME616t0g_T94hbJSA-g2hfoqYXONPe2jq876U9RRDao&e=>
[University_Formal_2CPos[1]]



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ronald 
King
Sent: Tuesday, August 22, 2017 8:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Tableau for Student's data Analytics

Good morning all,

We have been approached by Academic Affairs to participate in a project to possibly use Tableau for data analytics of 
our student (FERPA) data. We are looking at whether to have it hosted or on premises and potentially have a direct feed 
from our Student Information System (SIS).

While we have the expected concerns related to any cloud service accessing the SIS, what is really concerning is the 
access to student data. Red flags started to fly almost immediately. So, my questions to the group:

  *   Is anyone using Tableau for data analytics for enrollment data and student records?
  *   What privacy concerns do you have even if the student records are "de-identified?" (Even if we remove names, 
socials and student numbers, there are still ways to identify individuals based on other data sets.)
  *   Do we need student permission to provide their "de-identified" data to a cloud service?
  *   Is there any advise you can offer?
Please feel free to contact me directly via email or phone.

Thank you very much for your time.
Ronald A. King, CISSP
Chief Information Security Officer
Morgan State University                                                                                           
Office: (443) 885-3372
1700 E. Cold Spring Ln.                                                                                           
Email:  ronald.king () morgan edu<mailto:ronald.king () morgan edu>
Baltimore, MD 21251                                                                                 URL:    
http://www.morgan.edu<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.morgan.edu&d=DwMGaQ&c=qqcbk_QeabW4Z7GBhIMNtn_B7aQjktEuWNmUvrzri9o&r=T6Gkm-QA6wMUGmtyL0hrMz5ZqqoLGv5jfrNlZvfp68Q&m=rXJgkYzA7Jw0ML7GQId4WErHLtr2hjqwbbgodSDLKLw&s=mlC4-Qmn_AE8yzx_mWgERTenJfxKvKPf5nSXeP4M0Uw&e=>

                                                Growing the future ... Leading the 
world<https://urldefense.proofpoint.com/v2/url?u=http-3A__www.morgan.edu_Documents_ABOUT_StrategicPlan_StrategicPlan2011-2D21-5FFinal.pdf&d=DwMGaQ&c=qqcbk_QeabW4Z7GBhIMNtn_B7aQjktEuWNmUvrzri9o&r=T6Gkm-QA6wMUGmtyL0hrMz5ZqqoLGv5jfrNlZvfp68Q&m=rXJgkYzA7Jw0ML7GQId4WErHLtr2hjqwbbgodSDLKLw&s=Ot4MvOH5C_MtCpIez8q4uNT68-tEGs0yqsAjbjtPmA0&e=>
Current thread:

Tableau for Student's data Analytics Ronald King (Aug 22)
- Re: Tableau for Student's data Analytics Hart, Michael (Aug 22)
  - Re: Tableau for Student's data Analytics Klein Keane, Justin (Aug 22)
    - Re: Tableau for Student's data Analytics Ronald King (Aug 22)