Michael Haas Principal Solution Architect Oracle Higher Education Oracle’s Perspective on Data Privacy and Information Security within Higher Education

<Insert Picture Here>

Michael HaasPrincipal Solution ArchitectOracle Higher Education

Oracle’s Perspective on Data Privacyand Information Security within Higher Education

Copyright © Oracle Corporation 2007

This document is for informational purposes. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development,

release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. This document in any form, software or printed matter, contains proprietary information

that is the exclusive property of Oracle. This document and information contained herein may not be disclosed, copied,

reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement

with Oracle or its subsidiaries or affiliates.

Safe Harbor Statement


Agenda

• The ‘World’ as we know it.

• Lessons Learned

• Best Practice

• Technology


Top funding initiatives for Higher Ed.

• Endowments

• Attract Research Grants & Researchers

• Ability to attract/retain Faculty and Staff

• Fund-raising & Alumni campaigns

• Student Recruitment

Reputation is key to accomplishing these objectives.


NameName TypeType ID’s ID’s ImpactedImpacted

UC Berkeley Stolen asset 98,400

Boston College Hacking 120,000

Northwestern Hacking 21,000

U of Utah Hacking 100,000

Cal State Hacking 59,000

U of Colorado Hacking 49,000

Univ of Chicago Insider Unknown

Tufts Univ Hacking 106,000

Carnegie Mellon Hacking 19,000

Georgia Southern Hacking 10,000’s

OSU Stolen asset 37,000

Kent State Hacking 100,000

U of Iowa Hacking 30,000

U of Hawaii Insider 150,000

2005 Examples

NameName TypeType ID’s ID’s ImpactedImpacted

Georgetown Hacking 41,000

Vermont State Hacking 14,000

U of Alaska Hacking 39,000

U of Texas Hacking 197,000

Ohio University Hacking 300,000

Ohio University Hacking 60,000

Western Ill Univ Hacking 180,000

U of Tenn Hacking 36,000

Northwestern Hacking 17,000

Georgetown Hosp

Hacking 30,000

UCLA Hacking 800,000

UT Dallas Hacking 35,000

U Minnesota Insider 13,000

2006 Examples

Source: Privacy Rights Clearing House August 5, 2006

Higher Education Identity Breach StatisticsMarch 2005 - Oct 2007

Number of Incidents: 125+

Several CIOs “re-assigned”

Identities Lost or Stolen: 5+ Million

1/3 to 1/2 of all Breaches in Higher Ed.USA Today


Data Breach attacks the Reputation

Colleges are textbook cases for cybersecurity breachesAug 2, 2006 – Colleges and Universities aren’t up to speed when it comes to safeguarding information on their networks. - USA Today (Front Page)

Breaches Can Cost MillionsApril 24, 2006 - UofTexas Hackers accessed records containing the identifies of 197,000 students, alumni, faculty staff and corporate recruiters.

Most People Fear the External Threat

Executive fired after theft of identifies. Cost over $9 million in legal expenses, notification, credit watches, etc.

But 70-% of Breaches are from Insiders

Patient’s identity stolen by Lab tech

Programmer steals & sells 112k identifies

Employee loses backup tape (130K identifies)

Value of Preventing a BreachLow End (Thousands)

● Embarrassment● Cost of a Credit Watch● Notification● Staff termination

High End (Millions)● Lost funding (Alumni, Grants)● Multi-Million Legal Fees● Notification, Credit Watch, etc.● Terminated Executives


Source of Data Breaches

Hacked Systems

7%

Lost Laptop or device

35%

Third Party or

Outsourcer21%

Electronic Backup

19%

Paper Records

9%

Malicious insider or

code9%

Source: 2006 Annual Study: Cost of a Data Breach - Understanding Financial Impact, Customer Turnover, and

Preventative Solutions - Benchmark research conducted by Ponemon Institute, LLC.


Potential Costs of a Security Breach(Assumes 5% of 2M Identities)

Source Cost Per Individual Total (in Millions)

AIG – Chronicle of Higher Education $10 $1.0

Tech 404 Data Loss Cost Calculator** $116 $11.6

Educause – Ponemon Institute $182 $18.3


Why are Universities being Targeted?

• De-Centralized Environments/Systems

• Multitude of Administrative/Academic/Research Systems

• Spanning Multiple Campuses/Countries

• Open Culture of Information Sharing• Including External Research Partners

• Supporting a Diverse Constituent Base

• Not all data is under IT control

Hackers receive: $14 per SSN - USA Today

Thousands of new SSN’s each Semester


Information being breached

27%

15%8%

32%

22%

5%

27%

0%

10%

20%

30%

40%

Stude

nt p

erso

nal in

fo

Emplo

yee

pers

onal in

fo

Financia

l dat

a

Course

mate

rial

Research

Med

ical r

ecor

ds

None o

f the

abov

e

Source: Eduventures survey 2007


Current Security Approaches

Security MethodEffectiveness in Data Privacy Risk Remediation & General Issues

TrainingEssential, but need to implement learning in a consistent way

Policies & Procedures Essential, but very difficult to enforce & monitor

Monitoring & AuditsEssential, but doesn’t stop security breaches from happening

Application Security Essential, protects the front door but not the back

Elimination of InfoMost effective, but very difficult to completely eliminate SSNs

Automated ControlsEffective, but must be implemented in ways that least impact systems & business ops

Manual Controls Less effective due to human error


The Path Forward: Lessons LearnedPolicies & Procedures

• Difficult to gain buy-in

• Difficult to enforce (especially manual ctrls)

• Training is expensive

• Difficult to maintain (people / environs. Chg)

Encryption

• ONLY protects Non- Authorized users

• Does not protect distributed & physical data

• Apps make it difficult to enable

• Many apps have to be modified to enable

• Difficult to enforce (especially within depts)

• Performance overhead

• Every technology handles it differently

Auditing

• Monitors after the event

• Performance overhead

• Burdensome to mine the various audit logs


The Path Forward: Roll Your OwnChallenges

• Time consuming to implement

• No consistency on Alternate Identifier

• Apps have difficulting speaking with each other

• No one place for various users to find the Alt ID

• Multiple Match/Merge/De-Dup routines

• Protection of PII data is weakened due to multiple repositories, users accessing, audit logs, training.

• Challenges pose increased likelihood of subverting system.

Challenges

• Audit expense more difficult and expensive due to separate repositories

• On-Going maintenance much more expensive

• Policies are much more complex due to sensitive data being captured and stored in multiple repositories

• Dissemination and breach of sensitive data much more likely.

• DM/DW have difficulty in reconciling multiple Alt IDs


Best Practiceand

Solutions


The Insight Process(Campus Security)

• Understanding Program

• Agreement on Focus Areas & Agenda

DiscoveryDiscoveryWorkshopWorkshop

SolutionSolutionDesignDesign

RoadmapRoadmapPresentationPresentation

InviteInvite

Campus Identity Management InsightCampus Identity Management Insight

• University and IT Objectives, Challenges, & Needs

• Current and Future Landscape

• Evaluate University and IT Objectives

• Prepare Recommendations & Roadmap

• Observations and Recommendations

• Benefits, Roadmap, and Next StepsToday

RoadmapRoadmapUpdatesUpdates

• Periodic Updates to Roadmap


IT Objectives Supporting University Goals

Establish leadership distinctiveness as a Professional Continuing Education University

MaintainLeadership

Distinctiveness

Key Objectives

Establish and Grow Research

Increase Caliber of Student Population

Meeting the infrastructure needs of an expanded role as a research University.

Extend leadership position in recruiting a higher quality student population

Increase the quality of services while at the same time reducing cost

University of xxxxx Goals

PACE


What We Heard

“There are a lot of users in the system that are gone (from U of xxx).”

“There is a lack of process infrastructure.”

“Merging Identities is difficult."

“We don’t do a good job providing a consistent infrastructure for authorization.”

“There is not always a single authoritative source for every element of data.”

“Student Lifecycle management is kludgy. From being a prospect, when do I get a PID and an ONYEN?”

“We are so decentralized.”

“There are people that left 4 or 5 years ago…..still using email accounts.”

“It’s not that hard to create a duplicate PID. It can take a week and a half to resolve this issue.”

“We hope someone notifies us when someone leaves.”

“We have a lot of projects that are keeping us from what we should be doing.”

“We do admissions 62 different ways across campus.”


Findings

Strengths

Identity Provisioning

Identity Administration

Access Management

Data Security


Strengths

Strengths to Leverage

• U of (xxxxx) has been remediating SSNs for several years.

• University executive management is solidly behind IT efforts to secure sensitive personal information.

• Existing policies are well-documented.

• There is institutional cooperation in addressing PII and other security concerns.


Key Observations and Findings

• Identity Management (IdM) vision and roadmap are solid.

• U of xxx was an early adopter of SSN remediation and alternate ID implementation (i.e., PID).

• U of xxx knows they want to move to a vendor solution to enhance manageability and solidify their Identity Management implementation.

• U of xxx has built a solid central authentication service with a manageable system leveraging unique identifiers.

• Despite the varied application platforms in place (e.g., Mainframe, web-based), many applications use the central authentication model.

• U of xxx has built a strong meta directory foundation.

U of xxx Strengths to Leverage

• The current identity management process establishes account creation, but authorization is manually assigned in each system.

• There is no comprehensive reporting (or centralized audit logs) that is able to show who has access to what.

• The 12 professional schools and Health system are doing their own things around Identity Management.

• There is no process for managing a users role change from student, faculty, and or staff or any combination of those roles.

• There is no scalable system to manage central authorization for applications or a method to enable role based authorizations policies.

• There is no central service to provide automated provisioning and deprovisioning.

• Password resets can take an extended amount of time and can result in lost productivity.

• Identity management self service are decentralized and are not easy to use.

• End-users experience multiple log-ons across multiple applications.

Identity Management Findings

Data Security Findings

• Generic IDs are being shared by multiple developers and/or DBAs.

• Encryption of sensitive data at the database level (and backups) is not widely implemented.


Identity Provisioning

Observations• Current account provisioning system is custom

code, which can be difficult to extend, scale, and maintain.

• Beyond user creation, requesting and provisioning of authorization is mostly manual.

• Deprovisioning of users is a manual process and is done on a discretionary or “one off” basis.

• The majority of request and approval processes are manual.

• Current Identity Management approach is primarily a user account creation system.

• Current PID system lacks sufficient match/ merge functionality, resulting in duplicate IDs.

The existing system provides for user creation but does not support full “life cycle” operations around request management and approval workflow.

KEY FINDING

• A partial provisioning system implementation lacks consistent end to end view of who has access to what. This creates significant risks regarding deprovisioning and auditing.

IMPLICATIONS

Recommendations• Implement the provisioning functions of a

comprehensive Identity Management solution.• Utilize provisioning system mechanisms to

automate user “life cycle” management.• Self service access requests, delegated

administration, and access approvals should all be workflow-enabled.

• Consider SSN remediation solution with an improved merge/match capability to eliminate duplicate IDs.


Observations• There is limited real time visibility into what

access rights a user has across the University.• While many applications “authenticate” against

the central directory, all “authorization” is managed within the individual application.

• As users roles change (i.e., student to faculty to staff) there is no automated way to manage access to applications.

• There is currently no system that stores all user access rights and who granted that access (who has what access rights, and why?).

Current Identity Management provides for limited capabilities of centralized user authorization, with no easy method to audit or report on user access rights.

KEY FINDING

• Unauthorized access to XXX’s applications and/or data by outsiders, ex-students or employees introduces significant risk.

IMPLICATIONS

Recommendations• Implement the authorization functions of a

comprehensive Identity Management solution.• Leverage a central authorization engine to

enforce role/rule-based security policies across all applications.

• Track user access data in a way that can be reported on or audited in a streamlined manner.

• Support compliance requirements by providing infrastructure to report on “who has access to what” in real time or historically.

• Use a standards-based authentication and authorization model to simplify new application/ services integration and access control.

Access Management


Data Security

Observations• XYZ U is provisioning users to multiple LDAP

and database stores. • XYZ U is manually provisioning/deprovisioning

database user IDs.• Sensitive data is generally being written to disk

and backup tapes in clear text. • SSNs are carried into downstream systems

(such as the DW) in order to resolve problems with duplicate PIDs.

• It is difficult to audit/validate database access. Global DBA access, as well as manual deprovisioning, introduces an increased risk of security breaches.

IMPLICATIONS

Recommendations• Implement an automated provisioning solution

for LDAP and database user IDs. • Implement a Global/Enterprise directory

approach for Database and LDAP users. • Consider implementation of a virtualized

directory, to centrally manage all users regardless of user location.

• Consider utilization of available encryption and secure backup capabilities.

• Consider implementing Separation of Duty for Developers and DBAs.

In general, database accounts are manually de-provisioned. Further, generic accounts are being used by multiple developers and DBAs.

KEY FINDING


DBMS Security

Observations• PII data currently resides in Oracle, Sybase,

SQLServer, FoxPro, MySQL, Cache (MUMPS), Informix, VSAM, and text file databases.

• Encryption and auditing of PII data is not consistent across DBMSs.

• Unprotected PII is copied to test and development environments.

• Extensive data transfer between systems.• Many custom built applications and shadow

systems are used for core fU of xxxtionality.

At least nine different database management systems that contain PII data are in use throughout the University.

KEY FINDING

U of (xxxxx) will spend more to secure their PII data than they would if they were standardized on a single DBMS platform.

IMPLICATIONS

Recommendations• Encrypt PII / sensitive data that is not used as a

primary or foreign key – at rest, in motion, and on backups.

• Implement database auditing on key data elements and develop a concise strategy for managing audit logs.

• Implement separation of duties methodology with regard to database administration and auditing.

• Provide masking of PII data in pre-production environments.

• Leverage campus license to unify DBMS while maintaining de-centralization.


Personal Identifiable Information Protection

Best Practice


Analysis

University ‘x’ Initiatives*

A. Implement user lifecycle provisioning/deprovisioning

B. Develop and implement a centralized audit strategy

C. Document, manage and enforce security policies and procedures

D. Develop a system-wide role management strategy

E. Create a centralized authorization repository

F. Develop formal data policiesG. Centralize and improve end

user self service functionsH. Consolidate directory views

with virtualizationI. Consider further securing

SSN information

Low

Complexity

Hig

he

st

Me

diu

mH

igh

Va

lue

High

“Targets”“Secondary

Targets”

E

A

F

H

C

D

G

B

*Initiatives are roughly listed by priority, but no strict priority or dependencies are implied. It’s just a list.

I


Enterprise Campus Identity Management

DirectoriesCustom App

Systems & RepositoriesApplications

Purchased

Auditingand

ReportingPolicy and Workflow

EmployeesStudents FacultyVendors

External

Delegated Admin

Research & Distance Ed

Universities

Internal

Identity Management Service

Access Management•Authentication

•Authorization • Identity Federation

Identity Administration•Delegated Administration•Self-Registration & Self-Service•User & Group Management

Directory Services•Directory•Meta-Directory•Virtual Directory

Identity Provisioning•Unique Person Identifier•Direct target integration•Password Synchronization

Monitoringand

Management

HR

Data Security

WebWeb


AccessAccessControlControl

Solutions

IdentityIdentityAdministrationAdministration

Authentication & Authentication & AuthorizationAuthorization

Single-Sign-OnSingle-Sign-OnFederationFederation

Web Services SecurityWeb Services Security

Delegated Delegated AdministrationAdministration

Self-Registration Self-Registration Self-ServiceSelf-Service

User & Group Mgmt.User & Group Mgmt.

DirectoryDirectoryServicesServices

VirtualizationVirtualizationSynchronizationSynchronization

StorageStorage

Identity Identity ProvisioningProvisioning

AuditingAuditingReportingReporting

Unique Person Unique Person IdentifierIdentifier

Target IntegrationTarget IntegrationPassword Password

SynchronizationSynchronization

ReconciliationReconciliationAttestationAttestationReportingReporting

Audit TrailsAudit Trails

DataDataSecuritySecurity

EncryptionEncryptionFine Grained AuditingFine Grained AuditingSeparation of DutiesSeparation of DutiesPolicy EnforcementPolicy Enforcement


Desktop PII Protection

Observations• There are 50,000 desktops, more than 10,000

of which may have shadow systems and/or extracts.

• Redaction is a labor-intensive, manual process.• SSNs, medical records, research documents

and other sensitive data exists on desktops.• U of xxxx is already investigating desktop PII

protection solutions.

Unprotected PII data exists on laptops, desktops and other mobile devices around the university.

KEY FINDING

35% of all breaches occur through loss or theft of laptops, desktops, or other personal devices.

IMPLICATIONS

Recommendations • Investigate and implement an Information Rights

Management solution to protect sensitive data and intellectual property (document sealing).

• Provide automated redaction capability.


Data Movement

Observations• There are a large number of interfaces across U

of (xxxxx) that pass PII data, sometimes encrypted, but most times as non-encrypted.

• There has not been a consistent approach to developing and maintaining interfaces between systems.

• It is difficult to get a complete picture of the existing PII used in data integration.

No consistent approach for the amount of data movement and transformation of PII data between disparate systems.

KEY FINDING

Difficult to comply with stringent privacy and regulatory requirements and allows for a higher risk of a data breach.

IMPLICATIONS

Recommendations• Develop an institutional data integration

strategy that can support U of (xxxxx)’s de-centralized environment.

• Deploy an infrastructure that will provide a sustainable compliance strategy.

• Standardize on a tool that has the following:• Data integration in batch, real-time,

synchronous, and asynchronous modes. • Metadata repository for PII data attributes.• Rule-based engine.• Data cleansing and monitoring.


SSNSSN

SSN SSN

3.Report, Convert

& Transmit

2.Secure & Manage

Privacy Vault

1.Capture, Convert

& Encrypt

SIS Feed

ADM

SSN Recipients

Optimal protection of sensitive data

Advance

Shadow

Prospect

SSN SSN

Oracle Data Privacy Shield


SSNSSN

SSN SSN

3.Report, Convert

& Transmit

2.Secure & Manage

Privacy Vault

1.Capture, Convert

& Encrypt

Alt ID

Alt IDAlt ID

Alt ID

SIS Feed

SSN

SSN

Alt ID

ADM

Alt ID

Secure Web Services

Alt ID

Secure Web Services &

Process Integration

SSN

SSN Recipients

SSN

Alt ID

Optimal protection of sensitive data

Advance

Shadow

Other


Oracle Identity Management Customers

Existing Customers Recent Wins


Questions and AnswersQuestions and Answers

Documents

Michael Haas Principal Solution Architect Oracle Higher Education Oracle’s Perspective on Data Privacy and Information Security within Higher Education