(by Cory Retherford, Spirion user)
I am a Solution Engineer for Spirion, LLC. My adventure using the data security software began in 2007 as the Indiana University Technology Services Manager for Student Enrollment Services. We had an organizational mission to provide a solution that would allow a better understanding of our data footprint and the types of data existing on our workstations, servers, and websites. As it happens, fate guided me to the Identity Finder software (these days known as Spirion – Sensitive Data Manager).
My first exposure to Identify Finder was in 2007 and I recall being impressed by the ease to create a custom installer for our workstations and how easy it was to review the data sent back from the managed devices. This was an empowering moment as a data steward and ultimately enabled the university with compliance (HIPPA and PCI-DSS), audit, all things data warehouse, and security. The software has continued to impress me by the quality of development and flexibility of settings. In May of 2015 I moved to an operational security engineer role to implement an enterprise adoption of the software at Indiana University and was successfully adopted. As a result of this experience my relationship with the Spirion support, sales, and leadership teams also matured. Having first-hand experience managing, implementing strategy, and the adoption of the product, it seemed that joining the Spirion team would allow me to share my real-world expertise with its customers and help with sales. Spirion asked me to join the team in 2017!
During the course of many years administrating the Spirion (formerly Identity Finder) Sensitive Data Manager client and web console services I acquired experiences managing large and small deployments in both centralized and decentralized managed environments. As result of these varied experiences I have gained great insight into varied architectural and implementation strategies, real world exposure to managing data, the value of reporting to make decisions, and strategic plans to ensure success by meeting compliance.
Success can be hard to measure, however, success of this software tool for me was the visibility gained by understanding where data resided, the classification (importance and sensitivity of the data), and the data types (SSN’s, CCN, and more). It allowed a better understanding of where data was located and the sensitivity of the data which facilitated strategic decisions.
In my experiences of Sensitive Data Protection implementations, success is measured differently for each organization. However, establishing good communications and setting expectations for the tools used will garner adoption by the End-Users. For Indiana University we saw in just a few years’ adoption of more than 20,000 deployed clients on Windows, Mac, and Linux devices. The efficiency to implement the software helped with adoption and deployment. The Sensitive Data Manager software helped me better understand the data footprint by recognizing patterns, interpreting business needs, and as a result supporting the allocation of resources dedicated to certain types of data such as file servers for HIPPA and PCI-DSS or for specific levels of data classification. This further led to organizational business process changes, for example enabling the SharePoint rights management services as a result of the Spirion data provided.
Remediation of the data is the ultimate goal and which the software provides flexibility to be creative in ways to meet your business goals. The changing tides of the cyber world and increased awareness of IT security, understanding the where, the type, and criticality of data has been in my security experiences the most enlightening aspect of being able to make informed decisions and improving IT security.
My hope is that as a security practitioner I can share my real world experiences using the Spirion Sensitive Data Manager in varied scenarios, provide encouragement, tips, architectural design, and provide useful decision points and guidelines for the decision makers as a new world of data discovery becomes possible. I am certain there are many components I have likely left out, however I will continue to add and modify resources to help make your deployment, adoption, and remediation as successful as possible.
I leave you with one thought, take a moment to think about this, “IT security ultimately results in an effort to protect the Human, that data contains.” Mind blown!
Visit Cory’s blog here.