Skip to Content

University Technology Services


Sensitive Data Discovery and Remediation

The first step in determining the appropriate safeguards for a resource is to identify the sensitivity of data it stores or handles. To this end, the University Information Security Office (UISO) has made available a data discovery and remediation software, Spirion (formerly Identity Finder), to assist USC faculty/staff, and organizational units in identifying and remediating sensitive data on computers and servers. USC has licensed the software for enterprise and home use for all faculty and staff in the eight-campus system. Computers that store confidential or restricted data are considered high risk. The compromise or loss/theft of one of these computers will likely result in unauthorized access resulting in a data breach.

 

What is Spirion?

Spirion is a software program that searches computers, attached storage devices, and network file shares for Personally Identifiable Information (PII) such as credit card, social security, and bank account numbers. End-users can remediate any PII findings on their local computer. Remediation options include the secure deletion, quarantine, or encryption of files. Any sensitive data that you no longer need for your day-to-day job should be permanently deleted.

How does Spirion work?

For personally owned computers, the end-user downloads and installs a software and initiates a scan. At the completion of the scan, you can remediate PII findings. USC has no visibility into these scans, scan results or the remediation actions taken on personal devices.

For enterprise computers, your security liaison will ensure enterprise computers have the agent installed.  They will initiate scans through the Spirion Enterprise management console. At the completion of the scan, you will receive a pop-up notification requesting that you remediate any PII findings. You will also be able to run scans using the application interface on your computer.

Do I have to use Spirion?

Data discovery and classification are required by the State of South Carolina’s Information Security Program.  The University of South Carolina's Spirion implementation meets that requirement and ensures the university is compliant.

What is Spirion looking for?

USC’s focus is on discovering and remediating ABA bank routing, credit card, and social security numbers on USC enterprise computers. It is also recommended that personally owned computers used for work are scanned. Security liaisons and end-users can configure scans to find the following data:

  • Social Security Numbers
  • Credit Card Numbers
  • Passwords
  • Health Information
  • Bank Account Numbers
  • Driver License Numbers
  • Dates of Birth
  • Phone Numbers
  • Other (using pattern matching)

How do I get Spirion?

Enterprise and Home use versions for Windows, Mac OS X, and Linux are available on software distribution

What happened to Symantec DLP?

Symantec DLP was hugely successful with over 10,000 installations in the eight-campus system. However, Spirion replaces Symantec DLP for the following reasons:

  1. The notification and remediation of sensitive data proved difficult with Symantec DLP as the software did not have a client GUI requiring the results and notifications to be centrally managed. Symantec DLP did not provide a way to remediate PII findings.
  2. The new SC State security and privacy standards require the university to classify sensitive data sets. This feature is included in Spirion.
  3. Spirion is licensed for enterprise and home use and supports Bring Your Own Devices (BYOD).
  4. Addresses the privacy concerns expressed by faculty and staff.
  5. Symantec DLP did not support Linux, and the MAC OSX performance was poor.

Solution

Spirion Logo

Spirion

Spirion solves today's data protection challenges by giving you the tools needed to safeguard sensitive data against the sophisticated, intrusive and hard to defend attacks that are the most costly.

Quick Links