Sensitive Data Remediation (SDR)

What is the sensitive data remediation (SDR) program at UCSC?


The SDR program helps identify the location of sensitive information and simplifies any remediation and protection. This is one of many efforts to help identify and protect sensitive data at UCSC. Spirion software and the current functionality in use at UCSC is SSN scanning, if you have another need and are willing to test with us reach out by opening a support ticket.

What to Expect

If your division is using this tool you should expect that you will receive communication advising you of the tool and any special instructions your group or division wish to share. Then after installation, on a set day of the week/approximate time, the Spirion tool will run a scan. If the system is not on during the scheduled scan it will be attempted the scan when the system comes online. Sometime after the scan a report of the findings (minimal information will be provided to you and to your division or group liaison for the tool. At that point, each finding should be evaluated and remediated. As rescans will occur on a periodic basis (often weekly) if the found issue is resolved it will drop off the report. If it is not, you may be contacted to determine what if any action is required.

Scanning with Spirion

If requested by a division or department Business machines will be automatically scanned on a recurring basis and campus faculty and staff can request a system be scanned. If the computer is off during a scheduled scan, the scan should automatically launch the next time the computer is on. 

The configuration settings in Spirion are designed to optimize scan speed. In most cases, a performance difference should not be noticeable when Spirion is running.

Settings, such as scan frequency, can be configured for each unit based on their business needs via a support ticket.

Scanned Locations

Spirion searches the desktop, email, web browsers, as well as other areas where data is commonly stored.

Some areas are excluded from the search configuration to reduce false positives and improve scan speed. Additional exclusions can be configured for systems containing large data repositories and/or research data subject to regular modification if such storage areas/ files are known to not contain any reportable sensitive information.

Length of Scan

It is normal for the first Spirion scan to take up to a few hours to complete.

The duration of the scan time is tied to the amount of data stored on the system and the speed of the computer. Systems with small amounts of data will complete faster than systems that store large data sets. The first scan will always be the longest. Subsequent scans will only search files that are new or have been modified since the initial scan.

Some areas of systems are specifically excluded from scans during the configuration of the software to make the process more efficient. Security regularly reviews and revises the scanning configuration to improve scan speeds.

Improving Scan Performance

After the initial scan, Spirion will only scan new files or files modified since the previous scan. If your system contains research data modified on a regular basis, Spirion can be set up to exclude specific folders or data storage locations if these areas are known to not contain sensitive data.

If you experience long scan times or see large numbers of false positives, open a support ticket.

Data Remediation with Spirion

Once SSNs are found by Spirion, a report will be generated and sent to the relevant user(s) for remediation. Should the file be found to be containing actual SSNs the user(s) is/are expected to securely delete or remediate the information. First, by deleting the file and emptying the recycle bin, or using one of the advanced features of Spirion.  

Advanced Spirion Users

For advanced Spirion users who scan their machines manually, Spirion will automatically present these users with options for remediation:

  • Shred – permanently erase the file
  • Scrub – mask only the sensitive data match found in the file
  • Ignore – tell Spirion that the result is not sensitive (false positive) and not to display the file or match in the results again.

If Spirion finds a match, but you are unable to scrub or shred it, it is likely because the file is marked as read-only as a result of being a false positive in a system or application folder. It may also be a file in a location that you do not have full access to.

If you are certain the match is not sensitive, use the ignore option to mark the file as a false positive. This prevents it from displaying again on future scans. If you are unsure whether the file contains sensitive data, consult your local IT staff.

Spirion provides more information about the remediation process. Additionally, Security can assist with questions and concerns regarding the scanning process.

Eligibility

A limited number of licenses are available, funded by information security for departments or divisions that have access to and frequent use of PII. University-owned, managed or affiliated systems are eligible for scans. If you would like to find out more information about having your group use this tool, please open a support ticket at http://itrequest.ucsc.edu/, 459-HELP, help@ucsc.edu, and select PII Scanning, or Spirion in the keyword/category.

Availability and Prerequisites

Spirion ITS support is Monday-Friday, 8AM-5PM. However, scans can be performed during off hours, so as not to be intrusive to business operations. A system must be powered on to start a scheduled scan and a software client must be installed on every system being scanned. There are Windows, Linux, and Mac clients available. Our preferred installation is to push to systems via BigFix.

Policies

We adhere to all policies in providing and using this tool. Including minimum use policies to protect the privacy of users. The goal of this tool is to protect the PII of our Students, Faculty, Staff, and Affiliates.

Getting Help / Report an Incident

For questions about Spirion, including protecting or securely deleting PII, contact the ITS Support Center at http://itrequest.ucsc.edu/, 459-HELP, help@ucsc.edu, or in person M-F 8AM-5PM, 54 Kerr Hall, or

To report a suspected security breach or compromise involving PII, including the theft or loss of computing equipment that contained PII see: Report a Security Incident

FAQs

Search our Knowledgebase

Rev. Apr 2019