Frequently Asked Questions

About Identity Finder

What is new about this version of Identity Finder?

UIT is rolling out and offering an Identity Finder console version that provides a view of scan results for your entire department, school, or division. As Information Stewards, you can work with your colleagues to determine if you’d like to opt into the system. It is not a required change and UIT will continue to support the individual version that is currently in use.

Why should we opt in?

Manually running Identity Finder on workstations and laptops can be tedious. The new, centralized version enables administrators (Information Stewards or their delegates) to scan multiple computers automatically. The scan can run in the background with negligible performance impact on the user’s computer. This change will make Identity Finder a managed service rather than an individualized effort, reducing risk and making compliance easier and more cost effective.

OK, my department has decided to opt in. Now what?

Since you are interested in switching to the console version of Identity Finder, please contact Ben Walther in UIT for more information. UIT will work with you to deploy the upgrade and promote awareness. We propose a three-week adoption schedule, to allow for time to increase awareness and foster communication. During those first weeks, we’d suggest:

1. An email to directors and managers about Identity Finder with an opportunity to address concerns and questions

2. A week later, an email to staff about Identity Finder with an opportunity to address concerns and questions

3. A week to distribute a follow-up to any concerns or questions that were raised (assuming the issues do not block deployment)

4. Executing the first scan and communicating results the following week, a month after the initial communication to directors.

UIT suggests running scans monthly for the first quarter. After the initial phase, scans can be performed quarterly.

Will Identity Finder collect or report the sensitive information found to the Information Stewards?

No, Identity Finder will not record actual sensitive information. It will report the location and name of the file as well as what type of data it has found. For example, it will say it has found a social security number in the file “Tax Return 2011.pdf”. This allows Information Stewards or their delegates to report the files holding data without compromising the user’s privacy.

Will the Information Steward be able to view, edit, or delete the sensitive data from other users’ computers?

No, the centralized console will not be able to view, edit, or delete data. The Information Stewards or their delegates must work with the individual end-users to clean up any files.

Can Identity Finder be used on computers using LanDesk?

Yes, it can be deployed automatically on computers that are already running LanDesk. On computers that do not use LanDesk, it will need to be installed manually. Normal operation should be invisible to the end-users.

What do the scan results mean?

Results indicate that Identity Finder found numbers that look like social security numbers or financial account information. These are often false positives - numbers that appear similar but are not actual sensitive information. Identity Finder will also report student ID numbers (starting with 991) as social security numbers. While not legally protected, such numbers usually indicate other student records, which may be covered under FERPA.

A scan result does not mean the user violated policy or is in any “trouble.” This exercise is to reduce risk, not audit compliance, and anyone participating is to be commended.

What is Shredding and what will it do to my files?

Shredding will permanently and securely delete the file containing the piece of sensitive information that Identity Finder has found. It will completely remove the file and you will not be able to recover it. Only use the Shred feature if you do not need the file and will not need to recover that information.

Identity Finder found a file I don’t recognize. Should I shred it?

Consider contacting your Frontline Support Provider or Information Steward before deleting files you do not recognize. Identity Finder can accidentally flag numbers in files such as Microsoft Word or Windows as sensitive information. Shredding or deleting these files can damage your computer. An FSP or Information Steward can help you to identify these files and remove them from your search results.

What is the resolution if the console reports findings?

Should Identity Finder report that there is sensitive information on end-users’ computers, the Information Steward or their delegate should contact the user who owns the machine or their Frontline Support Provider. Identity Finder will not record actual sensitive information. It will report the location and name of the file as well as what type of data it has found. For example, it will say it has found a social security number in the file “Tax Return 2011.pdf”. This allows Information Stewards or their delegates to report the files holding data without compromising the user’s privacy. The Information Stewards or their delegates must work with the individual end-users to clean up any files. A scan result does not mean the user violated policy or is in any “trouble.” This exercise is to reduce risk, not audit compliance, and anyone participating is to be commended.

Is the scan noticeable on the client’s computer?

The impact on end-users should be minimal and the collective scan should be less noticeable than the previous individualized version. The scans are only run monthly and may be run less frequently in the future. If the user is doing something which requires heavy utilization of their computer, the scan may be noticeable.

Will individual users have to execute scans?

No, the scan will be scheduled to run automatically in the background. The monthly scans will be executed through the centralized console by an Information Steward or their delegate. Users have the option of running a scan any time they want and viewing the results, which will also be automatically uploaded to the console server. If the user does not want results reported to the console server, they can still run the individual version of Identity Finder.

What responsibilities will Frontline Support Providers have for supporting Identity Finder?

Frontline Support Providers may be asked to install Identity Finder for users who do not have admin credentials and are not on LanDesk. They also may be contacted if a particular user has a large cache of data on their machine and needs help locating and verifying the information. Should Frontline Support Providers need support, they can contact Information Security for assistance with any of these activities.

What if a user has existing customized settings?

Should a user have existing customized settings, Information Security would like to talk to the user about them. Those settings should not be overwritten by the centralized console. If they are beneficial or help to produce more useful or accurate findings, they could be implemented centrally for the benefit of entire departments.

How many users are Information Stewards or Frontline Support Providers going to contact each time results are reviewed?

We recommend that the Information Stewards use a ‘risk based’ approach and only contact a fixed number of people with the largest caches of sensitive information. For example, the list of findings could be sorted by UTLN and the Information Steward or their delegate could contact the top 10 end users. With repeated monthly or quarterly reviews, top users should cycle out of the list as they remove unnecessary information from their machines or it is noted that the sensitive information is important for their role or position.

What data does Identity Finder scan for?

Currently Identity Finder scans for social security, bank account, and credit card numbers. Personal configurations can be made to search for additional information, but these are not enabled by default.

How should we handle multiple accounts on one machine?

The central console will automatically scan the most frequent user's files. Old data is unlikely to be accessed, but if you are worried about a former user, you can manually run Identity Finder as administrator on that computer. Old data is not the greatest threat, and a current user is more likely to have sensitive data stored on a machine.

Example Use Case of Identity Finder Console

You have communicated details on the Identity Finder console and the appropriate stakeholders in your school have agreed to use this service. You have received credentials for the Identity Finder console from UIT, and UIT has defined the group that you (or a delegate) will be monitoring. Once this set-up work is done, you undertake the following periodic work:

1. It’s been a month since you last reviewed Identity Finder results, so you log into the console to check the scan results that have been updated since last time.

2. You sort the results by the number of sensitive findings (positive “hits”) per computer. You don’t see the content of the “hits,” just the number of times that Identity Finder thinks it has found sensitive information.

3. You notice that the distribution of findings is highly clustered around the top 4 machines; everything after those top 4 has only 1-2 results. You decide to focus on only those top 4 users this month.

4. You see the usernames and file locations of the findings for the top four users, and jot them down.

5. You personally know three of the users, and give them a brief phone call, explaining why you’re calling and what you see (and assuring them that you didn’t see what the information actually was). You confirm with the user whether the information really is sensitive; there are frequently false positives. You might reiterate that this is not a disciplinary issue, just an effort to reduce accidental risk of exposure.

6. The last user is a colleague who is not frequently available, so you communicate the status and situation in a ticket to your IT support specialist, requesting that they have the user contact you, or that the user confirm the status of the data on their own remotely.

7. If you would like to track metrics or results of the Identity Finder effort, you might record the number of hours spent, results (both valid and invalid) reported, and sensitive information removed. Ideally all of these values should decline over time, providing concrete evidence of reduced risk in your department.
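
The review in steps 2 to 4, together with the risk-based cap on contacts described in the FAQ, as an added example that is not part of the original page or of Identity Finder itself. The row layout, field names, the background level of 2 hits and the sample data are assumptions; the console's real export format is not described on this page.

```python
from collections import Counter, defaultdict

# Constructed sample: hits per computer and its primary user.
# Hostnames, usernames and paths are invented for illustration.
SAMPLE = {"WS-101": ("user01", 48), "WS-102": ("user02", 35),
          "WS-103": ("user03", 29), "WS-104": ("user04", 22),
          "WS-105": ("user05", 2), "WS-106": ("user06", 1),
          "WS-107": ("user07", 1)}

def build_rows(sample):
    """Expand the sample into one metadata row per finding.
    Rows carry location and data type only, never the matched value."""
    rows = []
    for computer, (user, hits) in sample.items():
        for i in range(hits):
            rows.append({"computer": computer, "user": user,
                         "path": f"/Users/{user}/Documents/file{i}.xlsx",
                         "type": "SSN" if i % 2 == 0 else "Credit Card"})
    return rows

def triage(rows, max_contacts=10, background_hits=2):
    """Rank computers by hit count and return this cycle's contact list.
    Machines at or below the background level are skipped, and the list
    is capped so each review stays a fixed amount of work."""
    hits = Counter(r["computer"] for r in rows)
    paths, users = defaultdict(list), {}
    for r in rows:
        paths[r["computer"]].append(r["path"])
        users[r["computer"]] = r["user"]
    worklist = []
    for computer, n in hits.most_common():   # highest counts first
        if n <= background_hits or len(worklist) == max_contacts:
            break
        worklist.append({"computer": computer, "user": users[computer],
                         "hits": n, "paths": paths[computer]})
    return worklist

if __name__ == "__main__":
    for item in triage(build_rows(SAMPLE)):
        print(f'{item["computer"]}  {item["user"]}  {item["hits"]} hits')
```

Running the same function on each month's results and comparing the lists shows whether top users are cycling out as the FAQ expects.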

Information on the Tufts IT Knowledgebase is intended for IT Professionals at Tufts.
If you have a question about a Tufts IT service or computer/account support, please contact your IT support group.