Canterbury Christ Church University Uses Rubrik Sonar and Radar to Identify and Mitigate Data Risk

Overview

Canterbury Christ Church University is a public university located in Canterbury, Kent, England. Since its inception in 1962, the university has developed rapidly with over 15,000 students based at locations across Kent in Canterbury, Medway, and Tunbridge Wells. It is Kent’s largest center of higher education for the public services and also offers academic and professional programs in various fields.

For Andy Powell, Head of Infrastructure at Canterbury Christ Church University, sensitive data discovery and management is top of mind, especially given the increase in ransomware attacks during the COVID-19 pandemic. “Prior to Sonar, we had limited visibility into potential sensitive data risk, which can lead to hefty non-compliance violations, fines from the Information Commissioner’s Office (ICO), and negative brand impact,” said Powell. “Rubrik is unique in that it allows us to transform backup data into a strategic business asset that identifies trends or anomalies indicative of potential data security risks, such as compliance violations, data breaches, or ransomware.”

Solutions

Reduced time spent on freedom of information and subject access requests

In the United Kingdom, the Freedom of Information Act entitles members of the public to request information from public authorities. In addition, Right to Access under General Data Protection Regulation (GDPR) allows any individual to obtain records of his or her personal information from an organization. Prior to Sonar, the process to address FOI or SAR requests was very time-consuming and manual.

“For example, we got an urgent FOI request in the past that was very painful. It required significant infrastructure resources to facilitate this search. In order to not impact production, it would require at least one day to create a new virtual machine and another two days to restore from backups and index that data. This consumed valuable FTE time,” said Powell. “Now, with Sonar, we can create a keyword search and run it across all relevant shares at once. For that same FOI request, we got over 30,000 hits in half a day and could immediately export that information to legal. More importantly, we didn’t need additional infrastructure to facilitate the search and it didn’t impact production data.”

Increased compliance and instant visibility into at-risk PCI-DSS or UK PII data

Powell and team use Sonar to help identify potential locations of high sensitive data concentration and non-compliance violations. As a public institution, the university must comply with all relevant legislation in the United Kingdom, including health data for the National Health Service (NHS), credit card data for Payment Card Industry Data Security Standard (PCIDSS), and general UK personally identifiable information (UK PII). “Given the evolving data regulatory landscape with new risks posed by Brexit, GDPR, and California Consumer Privacy Act (CCPA), sensitive data management is more important than ever. When we first ran Sonar, we discovered PCI-DSS where it shouldn’t be and potentially breaching significant guidelines. Since we were able to identify the root cause, we quickly fixed the issue and implemented new processes to ensure credit card data was being stored correctly,” said Powell.

“Part of compliance is periodic cybersecurity audits. We have seen many public institutions face costly breaches. That’s why we want to be proactive on how we are managing our sensitive data. Sonar helps us continuously monitor and manage UK PII, credit card, and health data as well as prove to auditors what types of sensitive data is where,” said Powell.