Skip to Content

Division of Information Technology

Sensitive Data Discovery and Remediation

The first step in determining the appropriate safeguards for a resource is to identify the sensitivity of data it stores or handles. To this end, the University Information Security Office (UISO) has made available a data discovery and remediation software, Spirion (formerly Identity Finder), to assist USC faculty/staff, and organizational units in identifying and remediating sensitive data on computers and servers. USC has licensed the software for enterprise and home use for all faculty and staff in the eight-campus system. Computers that store confidential or restricted data are considered high risk. The compromise or loss/theft of one of these computers will likely result in unauthorized access resulting in a data breach.

Spirion is a software program that searches computers, attached storage devices, and network file shares for Personally Identifiable Information (PII) such as credit card, social security, and bank account numbers. End-users can remediate any PII findings on their local computer. Remediation options include the secure deletion, quarantine, or encryption of files. Any sensitive data that you no longer need for your day-to-day job should be permanently deleted.

For personally owned computers, the end-user downloads and installs a software and initiates a scan. At the completion of the scan, you can remediate PII findings. USC has no visibility into these scans, scan results or the remediation actions taken on personal devices.

For enterprise computers, your security liaison will ensure enterprise computers have the agent installed.  They will initiate scans through the Spirion Enterprise management console. At the completion of the scan, you will receive a pop-up notification requesting that you remediate any PII findings. You will also be able to run scans using the application interface on your computer.

Data discovery and classification are required by the State of South Carolina’s Information Security Program.  The University of South Carolina's Spirion implementation meets that requirement and ensures the university is compliant.

USC’s focus is on discovering and remediating ABA bank routing, credit card, and social security numbers on USC enterprise computers. It is also recommended that personally owned computers used for work are scanned. Security liaisons and end-users can configure scans to find the following data:

  • Social Security Numbers
  • Credit Card Numbers
  • Passwords
  • Health Information
  • Bank Account Numbers
  • Driver License Numbers
  • Dates of Birth
  • Phone Numbers
  • Other (using pattern matching)

Enterprise and Home use versions for Windows, Mac OS X, and Linux are available on software distribution

Solution

Spirion Logo

Spirion

Spirion solves today's data protection challenges by giving you the tools needed to safeguard sensitive data against the sophisticated, intrusive and hard to defend attacks that are the most costly.

Quick Links

Challenge the conventional. Create the exceptional. No Limits.

©