Pain

Academic institutions such as Niagara College are storing more data than ever before. They collect tuition, receive alumni donations and catalogue interactions with campus police and health services. In fact, academic institutions manage as much sensitive information as any modern business – if not more.

The college includes two campuses, 23 departments, and thousands of domestic and international students. The staff at Niagara College are responsible for safeguarding personal data as it travels across servers, drives and email clients.

In order to proactively secure PII, Niagara’s Board of Directors requested that the College perform a Cyber Risk Security Assessment. The assessment identified a clear need to better understand the College’s data assets.

It also led to the formation of a data governance team to proactively identify data and manage their data security.

To allow for even greater controls to be enforced, the team launched an initiative to migrate the data they manage into the cloud. In order to prepare for the transfer of data, the team prioritized three tasks: the discovery, classification, and cleaning of the troves of data on the college’s servers.

To identify data and have it adequately tagged, the data governance team needed a tool to help them to:

• Find and scan data across all locations (drives, email, servers)
• Determine where the data lives and its creation date
• Determine who has access to it
• Identify all duplicate files
• Provide a preview of the data the document contains
• Provide reports that are easy to understand and make next steps clear

Solution

While Niagara operates various data discovery tools to support PCI Compliance, none could satisfy the data governance team’s data discovery requirements.

According to Claire Rosati, Associate Director of the Project & Portfolio Office at Niagara College and program manager for the data governance efforts,

“Looking at the audience that would need to take action on the data, the results from existing tools were unusable for us. It would require someone to go line by line, without the ability to sort by data type.”

Niagara College turned to a trusted resource for a recommendation on a more user-friendly tool. “We have a strong relationship with a top consulting firm, and they couldn’t say enough good things about the Qostodian Recon tool,” says Claire.

Within minutes, Claire’s team was able to install Recon and begin scanning data. Mat Steglinski, Senior Business Systems Analyst at Niagara College, adds:

“Whereas our existing tools took days, Recon took less than six hours to scan several terabytes, and less than two hours for hundreds of gigabytes.”

With Recon, Claire and Mat were able to get a clear picture of the sensitive data stored across the college. They easily determined the level of risk within each department, ran searches by specific data elements, and received fully contextualized results. In short, they had every piece of information they needed to make informed recommendations right at their fingertips.

Results

One of the data governance team’s main goals was to drive buy-in for the project across the college’s many functional areas. It was essential that reports were easily understandable and actionable.

“The results that Recon provides are something that anyone can use. The reports are logical, clear and easy to read. We were quickly able to sort through thousands of records, weed out false positives, and suggest next steps. We especially liked the ability to access the document in question right in Recon,” says Claire.

Additionally, Claire and Mat found that Recon’s reports helped them pick out the most critical issues to address. Claire adds:

“Our functional team only has so much time to work on this. The data that’s in those results allows us to prioritize. Time is finite, and we want to ensure that the team only brings quality data into the cloud.”

And, while data cleanup is challenging, Recon inspires confidence in helping to ensure effective management and compliance of PII and other sensitive data.

“As a project manager, I trust the results. They increase the chances of success of the entire data governance and migration project. They also help us from a cost-reduction perspective, ensuring only necessary data makes it into the cloud.”