April 21, 2008 Oracle Data Privacy Shield Insight Findings and Recommendations
Agenda: Insight Approach; What We Heard; What We Observed; Analysis & Recommendations; Next Steps
The Insight Process Understanding Program Agreement on Focus Areas & Agenda Discovery Workshop Solution Design Roadmap Presentation Invite Data Privacy Shield Insight University and IT Objectives, Challenges, & Needs Current and Future Landscape Evaluate University and IT Objectives Prepare Recommendations & Roadmap Observations and Recommendations Benefits, Roadmap, and Next Steps Today Roadmap Updates Periodic Updates to Roadmap
Goals and Key Initiatives
- Student success: Grow enrollment. Reduce student withdrawal rate: 18%, want to be at 12%.
- One Maricopa: Consistent student experience. Central student ID system.
- Public Stewardship: Continue to earn student trust. Be good stewards of student data.
Goals and Key Initiatives: Tactical Plans
- Increase the number of students using SIS
- Improve data quality
- Enable staff to focus on high-value activities
- PSFT upgrade
- Enable PSFT self-service applications
- Phase out OLA
- Expand common sign-on and explore single sign-on
What we heard …
“There seems to be some confusion between what is FERPA and what is Data Security”
“Colleges have access to everything there is”
“If we have a breach we would have to investigate regulations”
“Policy is in Draft, but not implemented”
“No breaches, we’ve been lucky”
“Shadow systems are probably our biggest risk”
“Encrypting would have been a wonderful solution.”
Key Observations and Findings: Strengths to Leverage
- Student system is live.
- Continued focus and momentum around security initiatives.
- Security audit ongoing.
- Thorough understanding of Identity Management and associated issues with the current environment.
- Common authentication for several apps- EIMS
- Comprehensive understanding of PII usage.
- Strong Oracle knowledge in house, Apps and Tech
- Strong network and infrastructure controls
Personal Identifiable Information – Sources of Breaches (chart not preserved; the one surviving label reads "or Outsource 21%")
Potential cost exposure from a Security Breach
- AIG – Chronicle of Higher Education: $10 per individual, $1.0 M
- Tech 404 Data Loss Cost Calculator: $116 per individual, $11.6 M
- Educause - Ponemon Institute: $182 per individual, $18.3 M
Data Access Observations
- Outsourced help desk workers have access to PII.
- Temporary employees have system access.
- Not all users have had FERPA or other policy training.
- Potential offshore access to PII if outsourcers move to a less expensive offshore labor model.
External Access to Sensitive Data
KEY FINDING
Non-Maricopa employees accessing sensitive data pose exposure risk
IMPLICATIONS
Recommendations
- Finish activity on data usage policies
- Allow external users only proper access to sensitive data
- Encrypt or remediate sensitive data, including SSN, both at rest and in transit.
Considerations
- A breach will result in financial and reputation cost to the university.
- Sound security policies should be enforceable on all who access sensitive data
PII Remediation Observations
- SSN remains in many systems to satisfy campus business processes
- Colleges have full replications of central systems without full controls
- Production data is cloned onto test and development environments
- Data masking is bypassed by shadow systems
- Sensitive information like ethnicity is masked in central systems but available in shadow systems.
- Desktops/laptops or emailed reports may contain unchecked PII.
PII is pervasive in Central and College systems
KEY FINDING
Each occurrence of SSN greatly increases the likelihood that the data will be compromised. Increased exposure may stem from improper usage of PII.
IMPLICATIONS
Recommendations
- Implement a strategy to eliminate SSN from all systems, save for one centrally managed and secured repository.
- Challenge existing processes that require SSN at each campus
- Investigate data masking technologies for PII stored in test and development instances.
Considerations
- The task of controlling PII access increases exponentially as the number of storage locations increases
- Knowledge of a secure environment helps attract both highly qualified faculty and students.
Data Security Observations
- Multiple backup strategies. Some on an as-needed basis.
- All RMAN backups are encrypted.
- No file-level encryption
- Sensitive data is not encrypted at rest and backup strategies vary in security
- Reporting systems do not adhere to application security
- Production data is cloned onto test and development environments with PII
- No comprehensive deprovisioning process
KEY FINDING
IMPLICATIONS
Recommendations
- Explore information life cycle management solutions (ILM)
- Expand use of SSO/CSO to additional applications and reporting systems.
- Explore student life cycle management solutions
- Encrypt all sensitive data at rest and on backup media.
- Confirm data in motion encryption for all PII.
- Explore file encryption technologies.
Inconsistent data security policies
Minimally protected data, and the unrestricted access to that data, creates a significant threat of compromise or breach.
Considerations
- Data access left unresolved is a significant security risk.
- ECAR estimates the potential financial impact of a breach is approximately $189 per identity breached.
EIMS Identity Risks at Maricopa Community College
(Chart not preserved. Axes: Technical Risk, Low to High; Business/Application Risk, Low to High. Marker size: Relative # of SSN’s / ID’s. System labels on the chart: SIS RDS Legacy IRIS BDS LMS HR RDS CFS)
This approach illustrates a way to view enterprise identity risks across applications based on 2 criteria:
- Technical Risk: Risks associated with connectivity, encryption, replication, or other “pure” technical issues
- Business/Application Risk: Risks associated with application security, policies/controls, user groups, or other “business” issues
EIMS Identity Risks at Maricopa Community College (same chart): High application and technical risk – look to address in near-term through Oracle Data Privacy Shield (ODPS)
EIMS Identity Risks at Maricopa Community College (same chart): High business or technical risk – look to address in 6-12 month timeframe – through technical or procedure/process changes
EIMS Identity Risks at Maricopa Community College (same chart): Low business or technical risk – look for opportunities to retire or isolate
Next Steps
Recommendations should be implemented in the following order:
- PII and SSN Protection from SIS: The greatest risk to MCCD secure business process is exposure to a PII breach. First order of business should be to guarantee protection and security of this information in SIS
- Governance and Policies*: The initial work around data governance and policies should be extended to comprise a system-wide governance process and oversee creation and enforcement of MCCS Policies and Procedures.
- Data masking on test and development systems *
- Encrypt backups and files *
- Investigate reporting solutions that mirror application security
*These items could be implemented simultaneously, but established policies will drive some facets of the IDM implementation, particularly rules embedded within IDM software execution.
ODPS SSN Protection Solution Advantages
- All SSN’s are eliminated from source systems
- A centralized, singular repository for actual SSN’s and other sensitive data
- Multiple levels of encryption and database controls mitigate risks of both internal and external threats
- Minimal modifications of existing applications
- At-risk data is replaced with same type of formatted data – thus allowing applications to function as normal
- The risks associated with all types of data privacy breaches (lost laptops, hackers, information proliferation etc.) are reduced
- Addresses all risks: internal threats, external threats, incidental loss, malicious behavior, etc.
- Security policy is tremendously simplified
“After initially providing your SSN, never provide your SSN ever again.”
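
The pattern this slide describes (same-format surrogates in the source systems, real SSNs in one controlled repository) can be sketched as follows. This is an added example, not Oracle's ODPS code and not part of the original presentation; the SsnVault class, the role names and the sample records are constructed for illustration, and the in-memory dictionaries stand in for an encrypted, access-controlled database.

```python
import re
import secrets

SSN_RE = re.compile(r"^(\d{3})-?(\d{2})-?(\d{4})$")

def digits(value):
    m = SSN_RE.match(value.strip())
    if not m:
        raise ValueError("value is not in SSN format")
    return "".join(m.groups())

def fmt(d):
    return f"{d[:3]}-{d[3:5]}-{d[5:]}"

class SsnVault:
    """Hypothetical stand-in for the single central repository of real SSNs."""

    def __init__(self, authorized_roles):
        self._token_by_ssn = {}
        self._ssn_by_token = {}
        self._roles = set(authorized_roles)
        self.audit = []  # one (role, token, allowed) entry per lookup attempt

    def tokenize(self, ssn):
        real = digits(ssn)
        if real in self._ssn_by_token:  # already a surrogate: leave unchanged
            return fmt(real)
        if real not in self._token_by_ssn:
            tok = None
            while tok is None or tok in self._ssn_by_token or tok in self._token_by_ssn:
                # Assumption of this sketch: surrogates use area 900-999, which is
                # not issued for SSNs (it overlaps ITINs, so a site storing ITINs
                # in the same column would need a different surrogate range).
                tok = "9" + "".join(secrets.choice("0123456789") for _ in range(8))
            self._token_by_ssn[real] = tok
            self._ssn_by_token[tok] = real
        return fmt(self._token_by_ssn[real])

    def detokenize(self, token, role):
        allowed = role in self._roles
        self.audit.append((role, token, allowed))
        if not allowed:
            raise PermissionError(f"role {role!r} may not read real SSNs")
        return fmt(self._ssn_by_token[digits(token)])

def scrub(records, vault, field="ssn"):
    """Return copies of source-system rows with the SSN replaced by its surrogate."""
    return [{**r, field: vault.tokenize(r[field])} for r in records]
```

Because the surrogate is stable per SSN, rows scrubbed from different systems still join on the surrogate, while every attempt to recover a real SSN goes through one role check and one audit trail.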