Identity Finder Upgrade (Counties and Research Centers)

Posted: December 7, 2012

In January, Security Operations and Services (SOS) will release version 6.2 of Identity Finder. This version performs a more comprehensive scan of computers, to ensure machines are free of Personally Identifiable Information (PII). Due to the changes in what and how documents are scanned, scans may take significantly longer than with the previous version. For more information on the changes Ag IT is implementing to help ease this transition, continue reading.

Regular Identify Finder (IDF) scanning, followed by diligent remediation is an ongoing, mandatory process for every Penn State owned computer. As the IDF software evolves and changes are implemented, we will need to adapt our procedures. In January, Security Operations and Services (SOS) will release version 6.2 of Identity Finder. With this new version, more documents and document types will be scanned for personally identifiable information (PII). Additionally, documents will be scanned in different ways, including the use Optical Character Recognition (OCR). These changes are important security enhancements, but will likely result in longer scan times.

To minimize user impact, Ag IT will be implementing changes to the way the IDF software functions. These changes should resolve some of the problems reported in the previous software version as well as help to limit how much additional time will be required to scan a computer. Below is a partial list of some of the changes that will be implemented.

  • More Exceptions - More locations on your computer will automatically be "ignored" from scanning, such as Program Files and other locations where the probability of finding PII is very low. This will decrease scan times.
  • Longer Time Between Scans - The amount of time between scans is being extended from two to three weeks. PSU policy allows us to evaluate a compromised computer if a scan was performed and the computer fully remediated within 30 days of the compromise. We ask that you be diligent with remediation to remain within the 30-day period. This change in scan frequency should make scanning and remediation less burdensome.
  • Scheduled Scans – To help ensure computers are scanned in accordance with Penn State and College policies, IDF will be scheduled to run scans from the central management console administered by Ag IT. You will no longer be required to create schedules or reminders to manually scan your computer. You will still have the ability to manually scan your computer if you choose. You will also retain the ability to “pause” a scan if it adversely affects your work and then restart it at more convenient time.
  • No Password Required - You will no longer be prompted for a password when you manually initiate an IDF scan. The same profile will be used whether you initiate a scan manually or allow the scheduled scan to initiate the process1. Allowing the same account to be used for both types of scans ensures that previous remediation efforts are recognized. This change will streamline the use of IDF and reduce the chance of duplicated remediation.

Scanning with the new version of IDF will be different, but we will continue to look for ways to make the process as easy as possible for users. We all have the responsibility to protect our computers and any sensitive data that may at times reside on them. Please be patient during the scan process and allow scans to complete. Additionally, please make every effort to remediate scan findings as quickly as possible. If you find that your scan is running abnormally long, causing extreme performance issues on your computer or if your scan does not complete and close correctly, please contact the Ag IT Help Desk.


Technical Discussion

1A scheduled scan uses the "guest" profile with no password. A manual scan can use either the same guest profile with no password or a separate profile that you create with a password. If you use both a guest and password profile, they don't share information and this often resulted in duplicate remediation efforts. Further, passwords were forgotten and profiles had to be deleted if the password was used for scheduling your own scan (which we've moved away from a while ago). Also, that password was saved in clear text in one area and presented security challenges. We believe that using only the scheduled-scan, guest profile with no password streamlines the use of Identity Finder.