American River College (ARC) is a public community college with 38,000 students granting certificates and associate degrees across a variety of educational subjects, primarily serving the adult residents of the six-county Greater Sacramento, California region. To participate in a variety of government programs providing student grants and services, ARC has to store personally identifiable information (PII) about its students to facilitate regular reporting to various supporting program agencies.
ARC had to ensure the security of PII to help meet various compliance requirements including the Federal law regarding the privacy of students’ records, Family Education Rights and Privacy Act (FERPA).Very aware of the need to protect sensitive student information, Linda Jurgens, ARC’s Information Technology Supervisor, explained, “As a district we have implemented numerous security policies, but as a college, we wanted to assure that the student data would not be viewable to any unauthorized persons.”
ARC had to protect a variety of data, including MSSQL, flat files, proprietary database information and scanned document images. Consideration also had to be given to how encryption would affect applications installed on the servers as well as requirements of the operating systems.After careful evaluation the IT staff identified and decided to encrypt resources that contained high-risk data. These resources contained several servers in a mixed environment, both physical and virtual holding a wide variety of shared information; multiple Microsoft SQL Server databases; and the digital warehouse containing over 300 gigabytes of data detailing 50 years of student enrollment history. The college needed an encryption solution that could accommodate its wide array of data types without requiring changes to existing custom applications.
The evaluation team set out to find a flexible system that could leverage ARC’s existing Active Directory groups to assign access permissions to specific folders and be transparent to existing applications. “We met JCS & Associates at a security convention,” recalled Jurgens, “and were told about the Vormetric Data Security solution and its Active Directory capabilities.” Ann Arbor, Michigan-based JCS & Associates, Inc. is an information systems security integrator helping customers accelerate the evaluation, proof-of-concept and executive buy-in cycle for new security solutions.
The ARC team reviewed several solutions alongside Vormetric. “JCS’s responses to all our questions were very clear and informative,” stated Jurgens, “In comparison to Vormetric, other products were extremely complicated or awkward in some way. Vormetric’s capabilities encompassed being able to encrypt individual folders through to entire volumes; it is application and platform agnostic; and its key management was very intuitive and smooth. We were so relieved that we’d finally found such a great fit for ARC’s needs!”
ARC asked Vormetric to assist in the implementation to help meet tight deadlines. “The servers were only offline for a minimum time during the encryption procedure,” observed Jurgens. “The Vormetric consultant was on top of the entire process, and we completed the first phase of installation in four days.”
Jurgens communicated details of the Vormetric implementation to students and faculty, “Our user community was impressed to see our commitment to data security and pleased at experiencing minimum levels of interruption during installation.”
Jurgens is very happy with the transparency and ease of administration, “Vormetric Data Security is virtually invisible and does not require special groups or structures; it leverages what we already have in place and delivers on the promise of simple enterprise key management. Using our standard Active Directory groups to apply permissions really simplifies the overall administration.”