Identity Finder Central Console
UIT TTS is rolling out and offering an Identity Finder console version that provides a view of scan results for your entire department, school, or division. The new system will allow Information Stewards to scan many computers and communicate results to their colleagues. It is not a required change and UIT TTS will continue to support the individual version that is currently in use.
...
By reviewing the 5 to 10 users with the most matches every quarter, you will quickly eliminate the majority of unnecessary sensitive data in your division. The highest user typically holds over 50% of the sensitive data, so by removing or whitelisting those files, you can reduce your risk by half almost immediately. The top 10 users should change each quarter as you work with the members of your division to remove sensitive data.
Using the Console
The following is a guide to using the Identity Finder Console as well as an example workflow for identifying potential sensitive information and working with users to remove it. If you are an Information Steward and your department would like to opt in to using the system, contact Information Security for more information and log-in credentials. To add end users to the console, they must have the latest edition of Identity Finder (configured for the console) on their computer. Information Stewards or their FSPs can install the software on end-user computers from this path, which can be entered into Windows Explorer: \\titan.tufts.ad.tufts.edu\software$\FSP\IdentityFinder\IdentityFinder Endpoint Clients for FSPs.
To begin, navigate to the Identity Finder Console page at https://tftmvmidfind.tufts.ad.tufts.edu/Console/ and log in.
Once you have logged in, select your division from the left-hand column. Identity Finder refers to these group names as "Tags." Here you can view all the computers in your group that are currently reporting Identity Finder results to the console.
The dashboard will display a number of options for quickly viewing scan results. It is recommended that you use "Unprotected Matches by Endpoint," which will generate a graph of the top 10 users' computers in your group. This option allows you to quickly zero in on the users with the most sensitive information. These are the people you should try to work with to remove the data each quarter.
When opened, the graph will resemble the one below. There will be a key with the computer name; you can find out the owner's details on the next page. You can click on any computer's area of the chart to see a list of all its matches. There is also a key (not shown here) which shows the computer name and number of matches. You can also select a computer from this list to see a detailed list of its results.
The list of results for the individual computer will open. If there are results you recognize as false positives, you can remove them from the list. This will help you get a better sense of who has sensitive data and whether you should be talking to that particular user. Right-click to choose "Remove" and then "Exclude Rows".
You will then be prompted to choose the rows you wish to exclude.
Once you have filtered the results to include only those which you believe contain sensitive data, call the end-user or users to notify them. You can give them the file locations so that they can view the files and choose to keep or delete them. Users are not required to remove the information from their computers.
Exporting Results and Scheduling Routine Scans
Remembering to run scans every month or quarter might be difficult. There is an option in Identity Finder to export results to a CSV file on a regular schedule. Though this will not give you access to the full functionality of the console, it is a convenient option. Receiving the export could also serve as a reminder to log into the console to review the results. To export a scan, first go to the Results tab and click Export.
Then enter the output name, email address, and subject for the email. Choose CSV as the output format. This will allow you to open the files in MS Word, Excel, or other text editors. After the form is complete, click "Schedule".
This will allow you to set a particular day and time that you would like to run the scans. Be sure to pick a day of the month or Identity Finder will scan every day. If you do not want to scan monthly, click on the ellipsis and choose the months in which you would like to scan. Information Security recommends running monthly or quarterly scans, as shown here.
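The scheduled CSV export can also feed the quarterly top-user review described earlier. The following is an added example, not part of the original guide or of Identity Finder: it totals matches per computer and lists the highest ones with their cumulative share of all matches. The column names "Endpoint", "Location" and "Match Count" and the sample rows are assumptions; substitute the headers that appear in your own export.

```python
import csv
import io
from collections import Counter

# Constructed sample export. Column names are assumptions, not the
# product's documented format; match them to your real CSV headers.
SAMPLE_EXPORT = """Endpoint,Location,Match Count
PC-ALPHA,C:\\Users\\a\\Documents\\roster.xlsx,620
pc-alpha,C:\\Users\\a\\Desktop\\old.csv,40
PC-BRAVO,C:\\Users\\b\\Documents\\forms.pdf,210
PC-CHARLIE,C:\\Users\\c\\Downloads\\scan.txt,95
PC-DELTA,C:\\Users\\d\\Documents\\notes.docx,35
PC-ECHO,C:\\Users\\e\\Documents\\draft.docx,n/a
"""


def matches_by_endpoint(export_file, endpoint_col="Endpoint",
                        count_col="Match Count"):
    """Sum match counts per computer; skip rows whose count is unreadable."""
    totals = Counter()
    for row in csv.DictReader(export_file):
        name = (row.get(endpoint_col) or "").strip().upper()
        try:
            count = int((row.get(count_col) or "").replace(",", ""))
        except ValueError:
            continue  # blank or malformed count: check that row by hand
        if name:
            totals[name] += count
    return totals


def review_list(totals, top_n=10):
    """Return [(endpoint, matches, cumulative share)], highest first."""
    grand_total = sum(totals.values())
    if grand_total == 0:
        return []
    running, ranked = 0, []
    for name, count in totals.most_common(top_n):
        running += count
        ranked.append((name, count, round(running / grand_total, 3)))
    return ranked


if __name__ == "__main__":
    totals = matches_by_endpoint(io.StringIO(SAMPLE_EXPORT))
    for name, count, share in review_list(totals):
        print(f"{name:<12}{count:>6}  {share:.1%} of matches so far")
```

To run it against a real export, open the file with `open(path, newline="")` and pass the file object to `matches_by_endpoint`.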