ABOUT UNIVERSITY OF HAWAII
The University of Hawaii is a 10-campus University System. The UH Manoa campus is a research campus with remote staff and students on various islands and around the world. Over 400 faculty and staff at UH Manoa’s College of Education use hosted services to exchange private and sensitive material. A multitude of these users are online at any given point in time -- uploading information, exchanging ideas and storing sensitive information, all of which is private and protected by law. While in the process of deploying full-disk encryption and file storage and sync for all faculty and staff, they also needed a layer of complete monitoring.
The University of Hawaii system has experienced multiple data breaches which revealed personally identifiable information (PII). Since then, the University has experienced legislative pressure and is under legal mandate to further protect their data. On top of that, they have numerous other compliance regulations to meet, including FERPA and HIPPA, due to the sensitive nature of the data. The College of Education’s Technology and Distance Programs office is responsible for securing and protecting such data for the College.
“The data we store is protected by the law and it’s due diligence on our part to monitor instances for intrusion,” said Stephan Fabel, IT Manager at UH Manoa’s College of Education. “We want people to log on to the network and participate, but need to know that everything is protected while they are logged on.”
And because of their highly distributed computing architecture with broad access from students and faculty across the islands and beyond, they felt they did not have full control or insight on who was doing what and from where. “We needed to find a solution that ensures privacy, indemnifies us from fault by adhering to industry best practices, and creates a technical solution path for our various security policies,” said Fabel.
“With Cloud Sight, we’re able to see what happened, how it happened, and who did it. This is especially important for us to have given the distributed nature of our network and with the need to keep a history of activity in the event of a breach. No other solutions measured up,” Fabel explained.
“Cloud Sight provides us a way to gain a greater sense of control and insight as to who has done what on our instances at any time. It completes our security profile by protecting our network at the data level,” Fabel continued. He and his team achieve this level of control through Cloud Sight’s email notifications. “The daily summary emails are extremely useful as it allows us to view the context of any event and dive in deeper from there. We’re also notified of administrative changes made on an instance and can easily look into the history of any logged in session.”
“Cloud Sight closes the gap between application monitoring and network monitoring. Before Cloud Sight, we had no idea how to do this, but now it’s done automatically which is a great feeling. With Cloud Sight, we’re able to do our due diligence to monitor our hosts above and beyond government requirements,” concluded Fabel. They now know who has access, who did what, and can answer any intrusion question and show the audit trail if asked in a legal situation.
Since installing Cloud Sight by Threat Stack, UH Manoa’s College of Education:
- Is protecting against PII data theft from all angles
- Meets and exceeds HIPPA and FERPA regulations
- Monitors and protects highly-distributed computing architecture with broad access
CloudSight is unlike traditional providers as its quick and easy to roll out, and automatic and scalable in the cloud, allowing them to pull up instances and immediately monitor and protect them with no manual involvement.