Oracle's Perspective on Data Privacy and Information Security within Higher Education
Michael Haas, Principal Solution Architect, Oracle Higher Education
Jan 03, 2016
Copyright © Oracle Corporation 2007
Safe Harbor Statement
This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates.
Agenda
• The ‘World’ as we know it.
• Lessons Learned
• Best Practice
• Technology
Top funding initiatives for Higher Ed.
• Endowments
• Attract Research Grants & Researchers
• Ability to attract/retain Faculty and Staff
• Fund-raising & Alumni campaigns
• Student Recruitment
Reputation is key to accomplishing these objectives.
2005 Examples

Name              Type          IDs Impacted
UC Berkeley       Stolen asset  98,400
Boston College    Hacking       120,000
Northwestern      Hacking       21,000
U of Utah         Hacking       100,000
Cal State         Hacking       59,000
U of Colorado     Hacking       49,000
Univ of Chicago   Insider       Unknown
Tufts Univ        Hacking       106,000
Carnegie Mellon   Hacking       19,000
Georgia Southern  Hacking       10,000's
OSU               Stolen asset  37,000
Kent State        Hacking       100,000
U of Iowa         Hacking       30,000
U of Hawaii       Insider       150,000
2006 Examples

Name              Type     IDs Impacted
Georgetown        Hacking  41,000
Vermont State     Hacking  14,000
U of Alaska       Hacking  39,000
U of Texas        Hacking  197,000
Ohio University   Hacking  300,000
Ohio University   Hacking  60,000
Western Ill Univ  Hacking  180,000
U of Tenn         Hacking  36,000
Northwestern      Hacking  17,000
Georgetown Hosp   Hacking  30,000
UCLA              Hacking  800,000
UT Dallas         Hacking  35,000
U Minnesota       Insider  13,000
Source: Privacy Rights Clearing House August 5, 2006
Higher Education Identity Breach Statistics, March 2005 - Oct 2007
• Number of Incidents: 125+
• Identities Lost or Stolen: 5+ Million
• Several CIOs "re-assigned"
• 1/3 to 1/2 of all breaches are in Higher Ed. (USA Today)
Data Breach Attacks the Reputation

"Colleges are textbook cases for cybersecurity breaches" (USA Today, front page, Aug 2, 2006): colleges and universities aren't up to speed when it comes to safeguarding information on their networks.

Breaches Can Cost Millions (April 24, 2006): at U of Texas, hackers accessed records containing the identities of 197,000 students, alumni, faculty, staff and corporate recruiters.

An executive was fired after a theft of identities that cost over $9 million in legal expenses, notification, credit watches, etc.

Most People Fear the External Threat, but 70% of Breaches Are from Insiders
• Patient's identity stolen by a lab tech
• Programmer steals and sells 112K identities
• Employee loses a backup tape (130K identities)

Value of Preventing a Breach
• Low end (thousands): embarrassment; cost of a credit watch; notification; staff termination
• High end (millions): lost funding (alumni, grants); multi-million legal fees; notification, credit watch, etc.; terminated executives
Source of Data Breaches
• Lost laptop or device: 35%
• Third party or outsourcer: 21%
• Electronic backup: 19%
• Paper records: 9%
• Malicious insider or code: 9%
• Hacked systems: 7%
Source: 2006 Annual Study: Cost of a Data Breach - Understanding Financial Impact, Customer Turnover, and Preventative Solutions. Benchmark research conducted by Ponemon Institute, LLC.
Potential Costs of a Security Breach (assumes 5% of 2M identities, i.e. 100,000 individuals)

Source                                  Cost per Individual   Total (in Millions)
AIG – Chronicle of Higher Education     $10                   $1.0
Tech 404 Data Loss Cost Calculator**    $116                  $11.6
Educause – Ponemon Institute            $182                  $18.3
Why are Universities being Targeted?
• De-Centralized Environments/Systems
• Multitude of Administrative/Academic/Research Systems
• Spanning Multiple Campuses/Countries
• Open Culture of Information Sharing, including External Research Partners
• Supporting a Diverse Constituent Base
• Not all data is under IT control
Hackers receive $14 per SSN (USA Today), and there are thousands of new SSNs each semester.
Information being breached (chart)
Categories, in the order the chart lists them: student personal info, employee personal info, financial data, course material, research, medical records, none of the above.
Values shown on the chart, in extraction order: 27%, 15%, 8%, 32%, 22%, 5%, 27% (the pairing of values to categories is not recoverable from the extracted text).
Source: Eduventures survey 2007
Current Security Approaches

Security Method        Effectiveness in Data Privacy Risk Remediation & General Issues
Training               Essential, but need to implement learning in a consistent way
Policies & Procedures  Essential, but very difficult to enforce & monitor
Monitoring & Audits    Essential, but doesn't stop security breaches from happening
Application Security   Essential, protects the front door but not the back
Elimination of Info    Most effective, but very difficult to completely eliminate SSNs
Automated Controls     Effective, but must be implemented in ways that least impact systems & business ops
Manual Controls        Less effective due to human error
The Path Forward: Lessons Learned

Policies & Procedures
• Difficult to gain buy-in
• Difficult to enforce (especially manual controls)
• Training is expensive
• Difficult to maintain (people and environments change)

Encryption
• ONLY protects against non-authorized users: an authorized account that is misused or compromised still sees clear text
• Does not protect distributed & physical data
• Apps make it difficult to enable
• Many apps have to be modified to enable it
• Difficult to enforce (especially within departments)
• Performance overhead
• Every technology handles it differently

Auditing
• Monitors after the event
• Performance overhead
• Burdensome to mine the various audit logs
The Path Forward: Roll Your Own

Challenges
• Time consuming to implement
• No consistency on the Alternate Identifier
• Apps have difficulty speaking with each other
• No one place for the various users to find the Alt ID
• Multiple match/merge/de-dup routines
• Protection of PII data is weakened by multiple repositories, multiple sets of users accessing them, multiple audit logs and multiple training needs
• These challenges increase the likelihood of the system being subverted
• Audits are more difficult and expensive due to separate repositories
• On-going maintenance is much more expensive
• Policies are much more complex because sensitive data is captured and stored in multiple repositories
• Dissemination and breach of sensitive data is much more likely
• DM/DW have difficulty reconciling multiple Alt IDs
Best Practice and Solutions
The Insight Process (Campus Security): Campus Identity Management Insight

Invite
• Understanding Program
• Agreement on Focus Areas & Agenda

Discovery Workshop
• University and IT Objectives, Challenges, & Needs
• Current and Future Landscape

Solution Design
• Evaluate University and IT Objectives
• Prepare Recommendations & Roadmap

Roadmap Presentation (today)
• Observations and Recommendations
• Benefits, Roadmap, and Next Steps

Roadmap Updates
• Periodic Updates to Roadmap
IT Objectives Supporting University Goals

University of xxxxx Goals
• Maintain Leadership Distinctiveness
• Establish and Grow Research
• Increase Caliber of Student Population
• PACE

Key Objectives
• Establish leadership distinctiveness as a Professional Continuing Education University
• Meet the infrastructure needs of an expanded role as a research University
• Extend leadership position in recruiting a higher quality student population
• Increase the quality of services while at the same time reducing cost
What We Heard
“There are a lot of users in the system that are gone (from U of xxx).”
“There is a lack of process infrastructure.”
“Merging Identities is difficult."
“We don’t do a good job providing a consistent infrastructure for authorization.”
“There is not always a single authoritative source for every element of data.”
“Student Lifecycle management is kludgy. From being a prospect, when do I get a PID and an ONYEN?”
“We are so decentralized.”
“There are people that left 4 or 5 years ago…..still using email accounts.”
“It’s not that hard to create a duplicate PID. It can take a week and a half to resolve this issue.”
“We hope someone notifies us when someone leaves.”
“We have a lot of projects that are keeping us from what we should be doing.”
“We do admissions 62 different ways across campus.”
Findings (areas covered)
• Strengths
• Identity Provisioning
• Identity Administration
• Access Management
• Data Security
Strengths to Leverage
• U of (xxxxx) has been remediating SSNs for several years.
• University executive management is solidly behind IT efforts to secure sensitive personal information.
• Existing policies are well-documented.
• There is institutional cooperation in addressing PII and other security concerns.
Key Observations and Findings

U of xxx Strengths to Leverage
• Identity Management (IdM) vision and roadmap are solid.
• U of xxx was an early adopter of SSN remediation and alternate ID implementation (i.e., PID).
• U of xxx knows they want to move to a vendor solution to enhance manageability and solidify their Identity Management implementation.
• U of xxx has built a solid central authentication service with a manageable system leveraging unique identifiers.
• Despite the varied application platforms in place (e.g., mainframe, web-based), many applications use the central authentication model.
• U of xxx has built a strong meta-directory foundation.

Identity Management Findings
• The current identity management process establishes account creation, but authorization is manually assigned in each system.
• There is no comprehensive reporting (or centralized audit logs) able to show who has access to what.
• The 12 professional schools and the Health system are doing their own things around Identity Management.
• There is no process for managing a user's role change among student, faculty and/or staff, or any combination of those roles.
• There is no scalable system to manage central authorization for applications, or a method to enable role-based authorization policies.
• There is no central service to provide automated provisioning and deprovisioning.
• Password resets can take an extended amount of time and can result in lost productivity.
• Identity management self-service functions are decentralized and are not easy to use.
• End-users experience multiple log-ons across multiple applications.

Data Security Findings
• Generic IDs are being shared by multiple developers and/or DBAs.
• Encryption of sensitive data at the database level (and backups) is not widely implemented.
Identity Provisioning

Observations
• The current account provisioning system is custom code, which can be difficult to extend, scale, and maintain.
• Beyond user creation, requesting and provisioning of authorization is mostly manual.
• Deprovisioning of users is a manual process and is done on a discretionary or "one off" basis.
• The majority of request and approval processes are manual.
• The current Identity Management approach is primarily a user account creation system.
• The current PID system lacks sufficient match/merge functionality, resulting in duplicate IDs.

KEY FINDING
The existing system provides for user creation but does not support full "life cycle" operations around request management and approval workflow.

IMPLICATIONS
• A partial provisioning system implementation lacks a consistent end-to-end view of who has access to what. This creates significant risks regarding deprovisioning and auditing.

Recommendations
• Implement the provisioning functions of a comprehensive Identity Management solution.
• Utilize provisioning system mechanisms to automate user "life cycle" management.
• Self-service access requests, delegated administration, and access approvals should all be workflow-enabled.
• Consider an SSN remediation solution with improved merge/match capability to eliminate duplicate IDs.
Access Management

Observations
• There is limited real-time visibility into what access rights a user has across the University.
• While many applications "authenticate" against the central directory, all "authorization" is managed within the individual application.
• As users' roles change (i.e., student to faculty to staff) there is no automated way to manage access to applications.
• There is currently no system that stores all user access rights and who granted that access (who has what access rights, and why?).

KEY FINDING
Current Identity Management provides limited capabilities for centralized user authorization, with no easy method to audit or report on user access rights.

IMPLICATIONS
• Unauthorized access to XXX's applications and/or data by outsiders, ex-students or ex-employees introduces significant risk.

Recommendations
• Implement the authorization functions of a comprehensive Identity Management solution.
• Leverage a central authorization engine to enforce role/rule-based security policies across all applications.
• Track user access data in a way that can be reported on or audited in a streamlined manner.
• Support compliance requirements by providing infrastructure to report on "who has access to what" in real time or historically.
• Use a standards-based authentication and authorization model to simplify new application/services integration and access control.
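The Access Management findings just above, and the Identity Provisioning slide before them, describe the same gap: accounts get created centrally, but each application keeps its own authorization, nothing reacts when a person's role changes or ends, and nobody can report who has access to what or who granted it. The Go program below is an added example written for this page, not Oracle Identity Management or any university's code. It shows the shape of the central authorization engine the recommendations call for: a role-to-entitlement policy, reconciliation whenever roles change (revoking what no role justifies, granting what a new role justifies, re-justifying what survives a role change), and an audit trail recording who, what and why. The policy table, role names, users ("alice", "bob"), feed names and entitlement strings are all constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
)

// Role is an institutional affiliation; access is derived from roles, never hand-assigned per system.
type Role string

const Student, Faculty, Staff Role = "student", "faculty", "staff"

// CampusPolicy maps each role to the entitlements it confers (a constructed example, not a real policy).
var CampusPolicy = map[Role][]string{
	Student: {"lms:enroll", "sis:self-service"},
	Faculty: {"lms:grade", "sis:self-service", "research:grants"},
	Staff:   {"sis:self-service", "hr:timesheet"},
}

// Grant is one entitlement with the role that justifies it and who applied it; AuditEvent is one
// line of the central trail: who got or lost what, and why.
type Grant struct{ Entitlement, Reason, GrantedBy string }
type AuditEvent struct{ User, Action, Entitlement, Reason string }

// Engine is the central authorization store applications query instead of keeping their own.
type Engine struct {
	policy map[Role][]string
	grants map[string]map[string]Grant // user -> entitlement -> grant
	Audit  []AuditEvent
}

// SetRoles replaces a user's affiliations (e.g. student -> staff) and reconciles entitlements:
// whatever no current role justifies is revoked, whatever a new role justifies is granted.
// Calling it with no roles at all is deprovisioning: everything the user held is revoked.
func (e *Engine) SetRoles(user, actor string, roles ...Role) {
	current := map[Role]bool{}
	for _, r := range roles {
		current[r] = true
	}
	sorted := append([]Role(nil), roles...)
	sort.Slice(sorted, func(i, j int) bool { return sorted[i] < sorted[j] })
	desired := map[string]Role{} // entitlement -> justifying role (last in sorted order wins)
	for _, r := range sorted {
		for _, ent := range e.policy[r] {
			desired[ent] = r
		}
	}
	if e.grants[user] == nil {
		e.grants[user] = map[string]Grant{}
	}
	for ent, g := range e.grants[user] {
		r, still := desired[ent]
		switch {
		case !still:
			delete(e.grants[user], ent)
			e.Audit = append(e.Audit, AuditEvent{user, "revoke", ent, "role " + g.Reason + " ended"})
		case !current[Role(g.Reason)]: // old justification ended, another role still covers it
			g.Reason = string(r)
			e.grants[user][ent] = g
			e.Audit = append(e.Audit, AuditEvent{user, "rejustify", ent, "now by role " + string(r)})
		}
	}
	for ent, r := range desired {
		if _, ok := e.grants[user][ent]; !ok {
			e.grants[user][ent] = Grant{ent, string(r), actor}
			e.Audit = append(e.Audit, AuditEvent{user, "grant", ent, "role " + string(r)})
		}
	}
}

// Authorized is the question each application asks the engine at request time.
func (e *Engine) Authorized(user, entitlement string) bool {
	_, ok := e.grants[user][entitlement]
	return ok
}

// WhoHasAccess is the "who has access to what" report for one entitlement.
func (e *Engine) WhoHasAccess(entitlement string) []string {
	var users []string
	for u, gs := range e.grants {
		if _, ok := gs[entitlement]; ok {
			users = append(users, u)
		}
	}
	sort.Strings(users)
	return users
}

// Lifecycle walks a constructed person through student -> student+staff -> staff -> departed.
func Lifecycle() *Engine {
	e := &Engine{policy: CampusPolicy, grants: map[string]map[string]Grant{}}
	e.SetRoles("alice", "sis-feed", Student)
	e.SetRoles("alice", "hr-feed", Student, Staff)
	e.SetRoles("alice", "sis-feed", Staff) // graduated: student access ends automatically
	e.SetRoles("bob", "hr-feed", Faculty)
	e.SetRoles("alice", "hr-feed") // left the university: nothing may remain
	return e
}

func main() {
	e := Lifecycle()
	fmt.Println("sis:self-service ->", e.WhoHasAccess("sis:self-service"), "alice hr:timesheet:", e.Authorized("alice", "hr:timesheet"))
	for _, ev := range e.Audit {
		fmt.Printf("%-6s %-10s %-18s %s\n", ev.User, ev.Action, ev.Entitlement, ev.Reason)
	}
}
```

Reconciling the whole entitlement set on every role change, rather than granting incrementally, is what makes deprovisioning automatic: the final SetRoles with no roles leaves the departed user with nothing, and each revocation in the trail names the role that had justified the access.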
Data Security

Observations
• XYZ U is provisioning users to multiple LDAP and database stores.
• XYZ U is manually provisioning/deprovisioning database user IDs.
• Sensitive data is generally being written to disk and backup tapes in clear text.
• SSNs are carried into downstream systems (such as the DW) in order to resolve problems with duplicate PIDs.

KEY FINDING
In general, database accounts are manually de-provisioned. Further, generic accounts are being used by multiple developers and DBAs.

IMPLICATIONS
• It is difficult to audit/validate database access. Global DBA access, as well as manual deprovisioning, introduces an increased risk of security breaches.

Recommendations
• Implement an automated provisioning solution for LDAP and database user IDs.
• Implement a Global/Enterprise directory approach for database and LDAP users.
• Consider implementation of a virtualized directory, to centrally manage all users regardless of user location.
• Consider utilization of available encryption and secure backup capabilities.
• Consider implementing Separation of Duty for Developers and DBAs.
DBMS Security

Observations
• PII data currently resides in Oracle, Sybase, SQL Server, FoxPro, MySQL, Cache (MUMPS), Informix, VSAM, and text file databases.
• Encryption and auditing of PII data is not consistent across DBMSs.
• Unprotected PII is copied to test and development environments.
• Extensive data transfer between systems.
• Many custom-built applications and shadow systems are used for core functionality.

KEY FINDING
At least nine different database management systems that contain PII data are in use throughout the University.

IMPLICATIONS
U of (xxxxx) will spend more to secure their PII data than they would if they were standardized on a single DBMS platform.

Recommendations
• Encrypt PII / sensitive data that is not used as a primary or foreign key – at rest, in motion, and on backups. (Key columns are excluded because encrypted values cannot be indexed or joined; replacing the SSN with an Alt ID as the key removes the need to keep the SSN in those columns at all.)
• Implement database auditing on key data elements and develop a concise strategy for managing audit logs.
• Implement a separation-of-duties methodology with regard to database administration and auditing.
• Provide masking of PII data in pre-production environments.
• Leverage the campus license to unify the DBMS while maintaining de-centralization.
Personally Identifiable Information Protection: Best Practice
Analysis: University 'x' Initiatives*
A. Implement user lifecycle provisioning/deprovisioning
B. Develop and implement a centralized audit strategy
C. Document, manage and enforce security policies and procedures
D. Develop a system-wide role management strategy
E. Create a centralized authorization repository
F. Develop formal data policies
G. Centralize and improve end user self service functions
H. Consolidate directory views with virtualization
I. Consider further securing SSN information

Chart: initiatives A–I plotted by complexity (Low to High) against value (Medium to Highest) and grouped as "Targets" and "Secondary Targets"; the grouping is not recoverable from the extracted text.

*Initiatives are roughly listed by priority, but no strict priority or dependencies are implied. It's just a list.
Enterprise Campus Identity Management (architecture diagram)

Users: Employees, Students, Faculty, Vendors; Internal and External (Research & Distance Ed, Universities); Delegated Admin.

Identity Management Service
• Access Management: Authentication, Authorization, Identity Federation
• Identity Administration: Delegated Administration, Self-Registration & Self-Service, User & Group Management
• Directory Services: Directory, Meta-Directory, Virtual Directory
• Identity Provisioning: Unique Person Identifier, Direct target integration, Password Synchronization
• Cross-cutting: Auditing and Reporting, Policy and Workflow, Monitoring and Management, Data Security

Systems & Repositories: Directories, Custom Apps, Purchased Applications, HR, Web
Solutions
• Access Control: Authentication & Authorization, Single-Sign-On, Federation, Web Services Security
• Identity Administration: Delegated Administration, Self-Registration, Self-Service, User & Group Mgmt.
• Directory Services: Virtualization, Synchronization, Storage
• Identity Provisioning: Unique Person Identifier, Target Integration, Password Synchronization
• Auditing & Reporting: Reconciliation, Attestation, Reporting, Audit Trails
• Data Security: Encryption, Fine Grained Auditing, Separation of Duties, Policy Enforcement
Desktop PII Protection

Observations
• There are 50,000 desktops, more than 10,000 of which may have shadow systems and/or extracts.
• Redaction is a labor-intensive, manual process.
• SSNs, medical records, research documents and other sensitive data exist on desktops.
• U of xxxx is already investigating desktop PII protection solutions.

KEY FINDING
Unprotected P II data exists on laptops, desktops and other mobile devices around the university.

IMPLICATIONS
35% of all breaches occur through loss or theft of laptops, desktops, or other personal devices.

Recommendations
• Investigate and implement an Information Rights Management solution to protect sensitive data and intellectual property (document sealing).
• Provide automated redaction capability.
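Automated redaction, the second recommendation above, comes down to finding SSNs in free text and rewriting them without touching numbers that merely look like SSNs. The Go program below is an added example written for this page, not any product's code. It matches the hyphen- and space-separated forms, drops candidates that violate the Social Security Administration's structural rules (area 000, 666 or 900 and above; group 00; serial 0000), and either reports the lines that contain an SSN, for a discovery pass over desktop extracts, or rewrites them keeping only the last four digits. The roster lines it runs on are constructed sample data.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// ssnPattern matches the separated forms only (123-45-6789, 123 45 6789); bare nine-digit
// runs are deliberately left alone to avoid flagging other identifiers.
var ssnPattern = regexp.MustCompile(`\b(\d{3})[- ](\d{2})[- ](\d{4})\b`)

// PlausibleSSN applies the SSA structural rules: area 000, 666 and 900-999 are never issued,
// nor are group 00 or serial 0000. Anything failing them cannot be an SSN and is left alone.
func PlausibleSSN(area, group, serial string) bool {
	a, _ := strconv.Atoi(area)
	g, _ := strconv.Atoi(group)
	s, _ := strconv.Atoi(serial)
	return a != 0 && a != 666 && a < 900 && g != 0 && s != 0
}

// Redact replaces each plausible SSN with a form that keeps only the last four digits and
// returns the rewritten text together with the number of replacements made.
func Redact(text string) (string, int) {
	n := 0
	out := ssnPattern.ReplaceAllStringFunc(text, func(m string) string {
		parts := ssnPattern.FindStringSubmatch(m)
		if !PlausibleSSN(parts[1], parts[2], parts[3]) {
			return m
		}
		n++
		return "***-**-" + parts[3]
	})
	return out, n
}

// ScanLines reports the 1-based line numbers holding a plausible SSN, for discovery runs
// over desktop extracts before anything is rewritten.
func ScanLines(text string) []int {
	var hits []int
	for i, line := range strings.Split(text, "\n") {
		if _, n := Redact(line); n > 0 {
			hits = append(hits, i+1)
		}
	}
	return hits
}

// SampleExtract is a constructed shadow-system export; every value in it is made up.
const SampleExtract = `Roster export (constructed sample data)
Jane Doe, 219-09-9999, jane@example.edu
John Roe, SSN 078 05 1120, john@example.edu
Invoice 000-12-3456 and part 987-65-4320 are not SSNs
Order 123-45-0000 shipped`

func main() {
	fmt.Println("lines with SSNs:", ScanLines(SampleExtract))
	out, n := Redact(SampleExtract)
	fmt.Printf("%d redacted\n%s\n", n, out)
}
```

Bare nine-digit runs are not matched here on purpose: enabling them trades fewer misses for more false positives on other identifiers, which is the usual tuning decision for a desktop scanner, and the structural check is what keeps invoice and part numbers in the sample untouched.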
Data Movement

Observations
• There are a large number of interfaces across U of (xxxxx) that pass PII data, sometimes encrypted, but most times non-encrypted.
• There has not been a consistent approach to developing and maintaining interfaces between systems.
• It is difficult to get a complete picture of the existing PII used in data integration.

KEY FINDING
There is no consistent approach to the amount of data movement and transformation of PII data between disparate systems.

IMPLICATIONS
It is difficult to comply with stringent privacy and regulatory requirements, and the inconsistency allows a higher risk of a data breach.

Recommendations
• Develop an institutional data integration strategy that can support U of (xxxxx)'s de-centralized environment.
• Deploy an infrastructure that will provide a sustainable compliance strategy.
• Standardize on a tool that has the following:
  • Data integration in batch, real-time, synchronous, and asynchronous modes.
  • Metadata repository for PII data attributes.
  • Rule-based engine.
  • Data cleansing and monitoring.
Oracle Data Privacy Shield (diagram): Optimal protection of sensitive data
The SIS feed is the entry point, followed by three stages: 1. Capture, Convert & Encrypt; 2. Secure & Manage (Privacy Vault); 3. Report, Convert & Transmit to SSN Recipients. Downstream systems shown: ADM, Advance, Shadow, Prospect. The labels in this first view show only the SSN at each hop.
Oracle Data Privacy Shield with Alt IDs (diagram): Optimal protection of sensitive data
The same three stages: the SSN enters from the SIS feed, is captured, converted and encrypted into the Privacy Vault, and the downstream systems (ADM, Advance, Shadow, Other) receive only an Alt ID over Secure Web Services & Process Integration. The SSN is converted back and transmitted only to SSN Recipients in stage 3.
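The DBMS Security recommendations (encrypt PII that is not used as a key, audit access to key data elements) and the two Data Privacy Shield diagrams above (capture, convert and encrypt; a privacy vault; Alt IDs everywhere downstream; SSNs released only to SSN recipients) describe one architecture, and the Data Movement slide's unencrypted interfaces are what it replaces. The Go program below is an added example written for this page, not Oracle Data Privacy Shield or any university's code. It shows that architecture in miniature: the vault seals each SSN with AES-256-GCM, hands downstream systems a random Alt ID, maps a resubmitted SSN back to the Alt ID it already has (the match step that stops duplicate PIDs), releases the SSN only to registered recipients, and logs every release and refusal with its purpose. The two keys, the "PID-" identifier format, the actor names and the sample SSN are constructed assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"regexp"
)

// Constructed demo keys: in production both come from a key manager or HSM, never from source.
var (
	DemoEncKey   = []byte("0123456789abcdef0123456789abcdef") // 32 bytes -> AES-256-GCM
	DemoIndexKey = []byte("separate-key-for-the-hmac-index!")
)

var ssnForm = regexp.MustCompile(`^\d{3}-\d{2}-\d{4}$`)

type AuditEvent struct{ Actor, Action, AltID, Purpose string }

// Vault is the one place SSNs exist, and only sealed; everything downstream holds Alt IDs.
type Vault struct {
	aead       cipher.AEAD
	indexKey   []byte
	index      map[string]string // HMAC(SSN) -> Alt ID, so one person gets exactly one Alt ID
	records    map[string][]byte // Alt ID -> nonce || AES-GCM ciphertext of the SSN
	recipients map[string]bool   // actors entitled to recover a real SSN
	Audit      []AuditEvent
}

func NewVault(encKey, indexKey []byte, recipients ...string) (*Vault, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block
	v := &Vault{aead: aead, indexKey: indexKey, index: map[string]string{},
		records: map[string][]byte{}, recipients: map[string]bool{}}
	for _, r := range recipients {
		v.recipients[r] = true
	}
	return v, nil
}

// Tokenize (capture, convert & encrypt) seals the SSN and returns its Alt ID. A known SSN gets
// the Alt ID it already has: this is the match step that keeps duplicate IDs from being created.
func (v *Vault) Tokenize(ssn, actor string) (string, error) {
	if !ssnForm.MatchString(ssn) {
		return "", errors.New("malformed SSN")
	}
	mac := hmac.New(sha256.New, v.indexKey)
	mac.Write([]byte(ssn))
	fp := hex.EncodeToString(mac.Sum(nil))
	if id, ok := v.index[fp]; ok {
		v.Audit = append(v.Audit, AuditEvent{actor, "match-existing", id, ""})
		return id, nil
	}
	buf := make([]byte, 6+v.aead.NonceSize()) // random Alt ID material + a fresh nonce
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	id, nonce := "PID-"+hex.EncodeToString(buf[:6]), buf[6:] // nothing of the SSN is derivable from the ID
	// The Alt ID is bound as associated data: a sealed SSN moved onto another record will not open.
	sealed := v.aead.Seal(nonce, nonce, []byte(ssn), []byte(id))
	v.index[fp] = id
	v.records[id] = sealed
	v.Audit = append(v.Audit, AuditEvent{actor, "tokenize", id, ""})
	return id, nil
}

// Detokenize (report, convert & transmit) releases the SSN only to a registered recipient and
// logs every attempt, refusals included, with the purpose stated by the caller.
func (v *Vault) Detokenize(altID, actor, purpose string) (string, error) {
	sealed, ok := v.records[altID]
	if !ok {
		return "", errors.New("unknown Alt ID")
	}
	if !v.recipients[actor] {
		v.Audit = append(v.Audit, AuditEvent{actor, "denied", altID, purpose})
		return "", errors.New("not an authorized SSN recipient")
	}
	n := v.aead.NonceSize()
	plain, err := v.aead.Open(nil, sealed[:n], sealed[n:], []byte(altID))
	if err != nil {
		return "", err
	}
	v.Audit = append(v.Audit, AuditEvent{actor, "detokenize", altID, purpose})
	return string(plain), nil
}

func main() {
	v, _ := NewVault(DemoEncKey, DemoIndexKey, "payroll")
	id, _ := v.Tokenize("219-09-9999", "sis-feed") // constructed sample SSN
	_, denied := v.Detokenize(id, "adm", "curiosity")
	ssn, _ := v.Detokenize(id, "payroll", "W-2 filing")
	fmt.Println(id, denied, ssn, len(v.Audit))
}
```

The lookup index is an HMAC under its own key rather than a plain hash, so a leaked index table cannot be brute-forced across the one-billion-value SSN space, and the Alt ID is bound into the ciphertext as associated data so a sealed value copied between records will not open. In a real deployment the keys live in a key manager or HSM and the vault is the only service holding them; the downstream systems in the diagram (ADM, Advance, Shadow) never see anything but the Alt ID, which is what makes their interfaces safe to run unencrypted.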
Oracle Identity Management Customers
Existing Customers Recent Wins
Questions and Answers