Posted on: June 10, 2021
The TRU Information Security Office has been working closely with Varonis (an industry leading platform that is built to protect the world’s most valuable and vulnerable data), to identify stale data, as well as stale sensitive data, hosted on TRU’s network storage devices.
Protecting the data that you may have access to is critical to TRU. As a research and higher education institute, there are terabytes of critical research data and gigabytes of day-to-day records that the bad actors would love to get their hands on.
This data remediation project will remove over 5 Terabytes of data from the department shares, reducing TRU’s attack surface and risk. This amount of data represents 24% of the total amount of information that TRU stores on the network drives. The project will not be looking at data on Microsoft Teams, SharePoint, H (home) or I (instructor) drives.
On Monday, July 5th 2021, (date adjusted) communications will be sent out to the divisions and departments that have been identified in the initial report, advising of the data files and locations within their department drives.
On July 30th 2021, (date adjusted) the identified stale data and stale sensitive data will be moved to a staging area, where it will be available for 30 days. This will allow a closer review of the data and recovery if deemed necessary by the divisions and departments. Once that 30-day limit is reached, the data will be permanently destroyed.
Using the Records Retention/Disposal Policy that TRU has established, stale data has been defined for this project as “a file that has not been modified within the last 7 years[1]” and stale sensitive data has been defined as “a file that has not been modified within the last 7 years and contains either PCI[2] data or PII[3] data”.
You may have already seen Varonis at work protecting the data you work with. User behavior patterns (the actions and work being done on TRU’s data) has been monitored in the background for the last year and a few users have already received alerts regarding abnormal behavior on the stale data on the network drives. This abnormal behavior has not been malicious in nature in the past; however, lateral movements of data and user privilege can go undetected for months, even years if not being looked for.
[1] 7 Years is equivalent to 2555 calendar days
[2] PCI = Payment Card Industry Standard
[3] PII = Personally Identifiable Information