Members of Loyola's IT team: David Arnett, associate director of servers and storage; Louise Finn, CIO and associate vice president; Thomas Podles, director of infrastructure; and information security analyst David Opitz. Credit: Scott Sax
After a nearby university experienced a major data breach last year, Loyola University Maryland CIO Louise Finn sought to beef up data security at her institution.
Finn says her top priority was ensuring that any and all personally identifiable information that lived on the university's many systems was properly locked down. To do that, her team had to know where such information was at all times and who could access it.
That was a big challenge. "When you have to figure out where [this data] is embedded and put some controls on it, it's difficult to know where to start," she says.
To tackle the task, Loyola deployed DatAdvantage from Varonis Systems in 2014. The software extracts metadata from IT systems and uses it to map functional relationships among employees, data objects, content and usage. This analysis of user activity and business needs allows Finn's team to automatically determine which users need access to which data. And because the analysis and learning is ongoing and constantly updated, DatAdvantage can recommend that access be revoked for certain individuals as business needs change.
"It's giving us the ability to get visibility into our unstructured data," Finn says.
Since DatAdvantage was deployed, Loyola's IT team has been able to identify all instances of personally identifiable information. "Just being able to clean up our data was really valuable," says David Opitz, a senior security analyst at Loyola, who notes that the university was able to eliminate 80,000 Social Security numbers from its files.
Sign up for CIO Asia eNewsletters.