Versions Compared

Version Old Version 7 New Version Current
Changes made by

Rebecca.Dewey

Dan Modini

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Identity Finder Central

...

Console

UIT TTS is rolling out and offering an Identity Finder console version that provides a view of scan results for your entire department, school, or division. The new system will allow Information Stewards to scan many computers and communicate results to their colleagues. It is not a required change and UIT TTS will continue to support the individual version that is currently in use. Manually  

Manually running Identity Finder on workstations and laptops can be tedious. The new, centralized version enables administrators (Information Stewards or their delegates) to scan multiple computers automatically. The scan can run in the background with negligible performance impact on the user’s computer. This change will make Identity Finder a managed service rather than an individualized effort, reducing risk and making compliance easier and more cost effective.

The centralized console will not be able to view, edit, or delete sensitive data. Instead, the console will only show the location of the sensitive file on the end user's machine. The Information Stewards or their delegates must work with the individual end-users to clean up any files.

Using the Console

...

Overview

Information Security recommends the following workflow to address users with the largest caches of sensitive information first. Detailed instructions on using the console follow but at a high level:

1. Identify users with the highest number of reported sensitive data matches. There are often false positives in Identity Finder, so these matches may not always be accurate. 

2. Review the file locations of search results for the top users you identified. Information Security recommends reviewing the top 5-10 users or reviewing all users with a certain number of matches or above. Use your judgement on whether these files contain University data or personal records. In either case, you should contact the user to inform them that they have this data; however, University data is of a higher priority from an institutional perspective. If you are sure that a file does not contain sensitive data, you can exclude it from the results or add it to the "Global Ignore List."

Navigate to the Identity Finder Console page at https://tftmvmidfind.tufts.ad.tufts.edu/Console/ and log in.

Image Removed

Once you have logged in select your division from the left hand column. Identity Finder refers to these group names as "Tags." Here you can view all the computers currently reporting Identity Finder results from your group to the console.

Image Removed

Open the "Reports" tab and from the "Reports List" choose "All Findings Grouped By User".

Image Removed

You will see a list of all the users in your department or group with results. Note the user or users with the highest number of results. 

Image Removed

Now open the "Results" tab and click on "Filter". 

Image Removed

Choose "Filter By User."

Image Removed

Then click on the ellipsis (...) to open a list of all UTLNs from your department or group. Scroll to find the user or users whose results you would like to review. Click the arrow to move their names into the review box.

Image Removed

After clicking "OK," a list of the results sorted by username will appear. If there are results you recognize as false positives, you can remove them from the list. Right click to choose "Remove" and then "Exclude Rows".

Image Removed

You will then be prompted to choose the rows you wish to exclude.

Image Removed

Once you have filtered the results to include only those which you believe contain sensitive data, call the end-user or users to notify them. You can give them the file locations so that they can view the files and choose to keep or delete them. Users are not required to remove the information from their computers.

Exporting Results and Scheduling Routine Scans

Remembering to run scans every month or quarter might be difficult. There is an option in Identity Finder to export results to a CSV file on a regular schedule. Though this will not give you access to the full functionality of the console, it is a convenient option. Receiving the export could also serve as a reminder to log into the console to review the results. To export a scan, first go to the Results tab and click Export.

Image Removed

Then enter the output name, email address, and subject for the email. Choose CSV as the output format. This will allow you to open the files in MS Word, Excel, or other text editors. After the form is complete, click "Schedule"

Image Removed

This will allow you to set a particular day and time that you would like to run the scans. Be sure to pick a day of the month or Identity Finder will scan every day. If you do not want to scan monthly, click on the ellipsis and choose the months in which you would like to scan. Information Security recommends running monthly or quarterly scans, as shown here. 

Image Removed

Image Removed3. If any potential sensitive data still remains, contact the user or users' support provider to help them locate and evaluate the contents of the files. In the majority of cases, the information is not necessary for the user's job or business and they are eager to remove sensitive information. If they need the information or would like to retain it for personal reasons, they will inform you and you can put those individual results on the "Exclude" or "Global Ignore List."

By reviewing the top 5 to 10 highest users every quarter, you will quickly eliminate the majority of unnecessary sensitive data in your division. The highest user typically holds over 50% of the sensitive data, so by removing or white listing those files, you can reduce your risk by half almost immediately. The 10 top users should change each quarter as you work with the members of your division to remove sensitive data.