Prestigious Northeast University
Forrest Gump famously compared life to a box of chocolates because you never know what you'll get. The same can be said for the security team at a prestigious university in the Northeast US. As part of a larger, university-wide IT security effort to extend and strengthen end-point protection, they deployed StealthAUDIT, STEALTHbits' sensitive data discovery tool, to find files on their network that included, among other items, social security numbers. What they found surprised them. The Information Security Administrator responsible for the sensitive data discovery scan explains, “We found a number of social security numbers in TurboTax forms that were stored on shared drives. Some our faculty and staff were doing their taxes on University-issues computers”
Most likely unbeknownst to the faculty and staff, those tax forms were automatically backed up to the University's file shares even though they were saved on local hard drives, a policy remnant from the days when computer hard drives failed frequently.
“StealthAUDIT not only found the sensitive data, bit it also shed light on our users' behavior,” added the Security Admin. “There are a number of examples where the location, type, and number of sensitive files StealthAUDIT found illuminated the behavior of our users, some of it not good”.
StealthAUDIT has given the security team a new tool to effectively manage their infrastructure. The University has been using StealthAUDIT for about 18 months, and when asked how they located and remediated sensitive data files before using the product, they answered, “we didn't.” They added, “With StealthAUDIT information, we have tangible data to present to our 'customers' / end users to jump start a conversation about security.”
Other products were evaluated before settling on StealthAUDIT, including IdentityFinder, but their complexity and cost eliminated them as options for the University. “StealthAUDIT is providing us an excellent vehicle to perform remote scans.”
- Prominent University
- Approximately 10,000 students
- 1,800 faculty and staff
- Sensitive data discovery effort part of larger endpoint security initiative
- Using StealthAUDIT to identify SSN, CC, and passwords
- “StealthAUDIT is providing us an excellent vehicle to perform remote scans.”
- “We didn't”[when asked how they found sensitive data before StealthAUDIT]