Shelter
Security for a higher cause
In today’s digitally connected world, keeping personal data secure is a paramount concern for all organisations. But nowhere is this more pertinent than with those organisations handling sensitive data and working with vulnerable people.
For Shelter, a prominent UK-based charity that fights the devastating impact the housing emergency has on people and society through campaigns for change, advice, and support, protecting the personal data of the people it supports is not just critical for their safety, but also in maintaining Shelter’s reputation as a trustworthy organisation that can be relied upon in times of need.
To ensure the protection of its data, maintain compliance with rigorous industry standards such as Cyber Essentials and Cyber Assurance, and to stay ahead of evolving cyber threats, Shelter embarked on a strategic partnership with Phoenix Software to implement Microsoft’s Sentinel Security Information and Event Management (SIEM) system.
Key facts
Challenge
Shelter’s long-standing commitment to aiding some of the most vulnerable members of society means it handles a vast array of sensitive information. This makes their IT infrastructure a high-value target for cyber criminals. Conducting regular penetration tests revealed vulnerabilities, with the highest priority being ensuring strong protection for accounts with access to Shelter data. This vulnerability is a common issue for many organisations, and poses a significant risk given the nature of Shelter’s work.
Another challenge arose from the charity’s work with the Ministry of Justice. As part of its collaboration, Shelter is required to undergo the most complex form of penetration testing available, in line with the National Cyber Security Centre (NCSC) standard. Since Shelter’s systems rely so heavily on cloud databases hosted on Microsoft services, the penetration test became inherently intricate. Meeting industry compliance standards, such as Cyber Essentials and Cyber Assurance, further added to the complexity of their security requirements.
Solution
To address these challenges, Shelter adopted Phoenix Software’s proactive security service, Sentinel Essentials. Based on Microsoft’s SIEM tool Sentinel, Phoenix Protect detects, analyses, and responds to security threats before they can cause harm.
SIEM combines Security Information Management (SIM) with Security Event Management (SEM) into a single, holistic security management system to give organisations maximum visibility into the activity on their network so they can swiftly respond to cyber attacks.
The project began with a three-month pilot in December 2021, which was later extended to a full year due to its success. Following a thorough evaluation (including a public tender), Shelter committed to a three-year partnership from March 2023 onwards, reinforcing their trust in Phoenix Software and the Phoenix Protect service to provide the security and real-time threat monitoring and analysis it needed.
Benefits
Uncompromised security:
the implementation of Sentinel Essentials ensures that Shelter’s IT infrastructure receives round-the-clock monitoring and protection. Since partnering with Phoenix, Shelter has not experienced any major security incidents, effectively safeguarding their valuable data and minimising potential risks
Real-time threat detection, analysis, and triage of potential security threats:
Phoenix Software’s Security Operations Centre (SOC) monitors Shelter’s systems on its behalf, triaging an impressive 10,041 incidents over the past 12 months. These incidents included 1,210 high-severity, 3,060 medium-severity, 5,710 low-severity, and 61 informational cases. To prevent Shelter’s team from being overwhelmed with reports, the severity of each alert is first triaged by the Phoenix SOC, with only those deemed to be genuine threats escalated to Shelter for action. Of the 10,041 incidents flagged by Sentinel, a total of just 319 were reported to Shelter. This allowed Shelter to respond proactively to potential security breaches without being bombarded with the noise of endless alerts
Tailored dashboard and support:
Phoenix provided a customised Sentinel Essentials dashboard for Shelter to suit their specific needs. The dashboard provides valuable insights, such as Multi-Factor Authentication (MFA) status, enabling Shelter’s team to make data-driven security decisions
Compliance and peace of mind:
meeting the stringent requirements of Cyber Essentials and Cyber Assurance L1 standards was essential for Shelter’s work with the Ministry of Justice. The implementation of Sentinel Essentials played a pivotal role in achieving compliance, ensuring the charity maintained a high level of cyber security and data protection. Shelter is now looking to obtain Cyber Assurance L2
24/ 7 coverage:
The Phoenix SOC team is available 24/ 7, extending Shelter’s IT resources beyond office hours and ensuring it can respond to cyber security challenges whenever they arise
Conclusion
Shelter’s collaboration with Phoenix Software and the implementation of its Phoenix Protect service has significantly enhanced the charity’s cyber security posture. The partnership not only fortified data protection and threat detection capabilities but also enabled Shelter to meet stringent compliance standards essential for their work with the Ministry of Justice.
By leveraging the expertise and responsiveness of Phoenix Software and its SOC, Shelter has attained peace of mind and the confidence to focus on their core mission of fighting the housing emergency and providing support when it’s needed most.
Our specialists are here to help solve your challenges
Contact our specialists now to explore the tech solutions available for you.
Alternatively, email us at [email protected] or call 01904 562200 and one of our specialists will be in touch to discuss your requirements.