University of Health Sciences and Pharmacy (UHSP)

AT A GLANCE

Company: The University of Health Sciences and Pharmacy (UHSP) is a private institution in the Midwest with over 162 years of history, providing specialized education in pharmacy, health sciences, and related fields. The university operates under FERPA compliance requirements, handling student academic records and sensitive health-science data across a Microsoft-centric environment.

Contact: Zach, CIO and CISO

Challenge: Classic DLP tools couldn't classify the nuanced academic data UHSP handles — FERPA-protected records, letter grades, behavioral context — and demanded a rules-writing workload that a small team simply didn't have time for.

Outcome: Jazz understood UHSP's environment from day one. It surfaced a genuine FERPA compliance risk — academic data moving to an unsanctioned application — that no previous tool could have detected, and delivered pre-investigated insights that let a small team act with confidence.

THE CHALLENGE

Data protection at a university doesn't map neatly onto the model most DLP tools are built for. Zach, who carries both the CIO and CISO role at UHSP, had encountered this gap firsthand.

Part of the issue is the nature of academic data. FERPA-protected student records — grades, academic progress, enrollment details — are contextually sensitive but structurally ambiguous. A document full of letter grades is, to a rule-based DLP engine, just a document full of letters. "If you've ever tried to use a tool to identify a letter grade like an A or a B — which we have plenty of — it's almost impossible," Zach says. Without the ability to understand context — who created the document, what role they hold, what they have access to — traditional tools simply couldn't classify what they were looking at.

The second challenge was operational. Zach runs a small security team with other initiatives competing for time. Building and maintaining the rule library that a traditional DLP deployment demands wasn't realistic. "I didn't want to have to sit around writing rules. We have other projects to work on." What he needed was a tool that could understand UHSP's environment — not one that required the team to teach it everything from scratch.

What UHSP needed was a DLP that understood the organization the way a knowledgeable person would: aware of the regulatory context, the data landscape, and the difference between a routine academic workflow and a genuine compliance concern — without needing to be told explicitly what each of those looks like.

"No rules, no regex. I just say I'm FERPA-regulated — and it gets it."
‍
— Zach, CIO & CISO, UHSP

THE SOLUTION

Jazz approached UHSP's environment differently. Rather than asking Zach to define what sensitive data looks like through configurations and rules, Jazz read the environment contextually from day one — understanding who the users are, what data they have access to, what patterns are normal for their roles, and what falls outside that expected behavior.

"The system almost sort of knew what we needed," Zach says. "It reviewed the context in which we work and how we operate — and found content based on context in a very easy, digestible way."

Deployment was seamless. Once agents were live, they started reporting immediately: what data was moving, where it was going, who was accessing it — without the noise that had made previous tools a liability. Zach didn't write a single rule or touch a single setting. Jazz delivered signal from the start.

The capability that changed the team's day-to-day most was Melody, Jazz's Agentic Investigator. Traditional DLP surfaces a raw event and leaves the investigation entirely to the analyst. Melody reads the data, understands who's using it, traces where it's going, and delivers a pre-investigated explanation of what happened and why it triggered — before the alert even reaches the team. That shift in workload is transformational when you're operating lean.

"It's taking the investigative load off the team," Zach says. "The forensic digging, the log review — putting all of that on Melody instead."

RESULTS

One outcome stood out immediately post-deployment: Jazz flagged a user moving student grade data into Google Docs. On the surface, that looks like nothing — just letters entering a document. But UHSP is a Microsoft shop, and academic data moving to an unsanctioned application is a real FERPA compliance risk. Jazz caught it because it understood who the user was, what data they had access to, and that Google Docs wasn't a sanctioned destination for that information. No previous tool had the contextual awareness to see it.

When Zach presented Jazz to UHSP's leadership team, the response was immediate: "They were absolutely hooked. They saw the use cases right away."

For universities and regulated institutions that have written off legacy DLP as too clunky, too noisy, or too demanding to maintain — UHSP's experience points to what becomes possible when a DLP actually understands the organization it's protecting.

"It's like a whole other member of the team doing all this back-end work that no one really wants to do — but giving us real insights that we can act on."
‍
— Zach, CIO & CISO, UHSP

‍

‍

‍

‍