In today’s digitally connected world, keeping personal data secure is a paramount concern for all organisations. But nowhere is this more pertinent than with those organisations handling sensitive data and working with vulnerable people.
For Shelter, a prominent UK-based charity that fights the devastating impact the housing emergency has on people and society through campaigns for change, advice, and support, protecting the personal data of the people it supports is not just critical for their safety, but also in maintaining Shelter’s reputation as a trustworthy organisation that can be relied upon in times of need.
To ensure the protection of its data, maintain compliance with rigorous industry standards such as Cyber Essentials and Cyber Assurance, and to stay ahead of evolving cyber threats, Shelter embarked on a strategic partnership with Phoenix Software to implement Microsoft’s Sentinel Security Information and Event Management (SIEM) system.
“We exist to defend the right to a safe home and fight the devastating impact the housing emergency has on people and society. We do this with campaigns, advice, and support – and we never give up. We believe that home is everything.”
Shelter’s long-standing commitment to aiding some of the most vulnerable members of society means it handles a vast array of sensitive information. This makes their IT infrastructure a high-value target for cyber criminals. Conducting regular penetration tests revealed vulnerabilities, with the highest priority being ensuring strong protection for accounts with access to Shelter data. This vulnerability is a common issue for many organisations, and poses a significant risk given the nature of Shelter’s work.
Another challenge arose from the charity’s work with the Ministry of Justice. As part of its collaboration, Shelter is required to undergo the most complex form of penetration testing available, in line with the National Cyber Security Centre (NCSC) standard. Since Shelter’s systems rely so heavily on cloud databases hosted on Microsoft services, the penetration test became inherently intricate. Meeting industry compliance standards, such as Cyber Essentials and Cyber Assurance, further added to the complexity of their security requirements.
“We have built a long-standing partnership with Phoenix based on trust and proven success. Having collaborated with Phoenix for multiple services, including Microsoft-related solutions, for over five years, we felt confident in entrusting our critical security needs to Phoenix.”
To address these challenges, Shelter adopted Phoenix Software’s proactive security service, Sentinel Essentials. Based on Microsoft’s SIEM tool Sentinel, Phoenix’s Sentinel Essentials detects, analyses, and responds to security threats before they can cause harm.
SIEM combines Security Information Management (SIM) with Security Event Management (SEM) into a single, holistic security management system to give organisations maximum visibility into the activity on their network so they can swiftly respond to cyber attacks.
The project began with a three-month pilot in December 2021, which was later extended to a full year due to its success. Following a thorough evaluation (including a public tender), Shelter committed to a three-year partnership from March 2023 onwards, reinforcing their trust in Phoenix Software and the Sentinel Essentials service to provide the security and real-time threat monitoring and analysis it needed.
“Phoenix were very responsive during the engagement to ensure we were happy with the configuration and support we received. They were quick to implement any changes we requested for the dashboard and were always obliging to our needs.”
Uncompromised security: the implementation of Sentinel Essentials ensures that Shelter’s IT infrastructure receives round-the-clock monitoring and protection. Since partnering with Phoenix, Shelter has not experienced any major security incidents, effectively safeguarding their valuable data and minimising potential risks
Real-time threat detection, analysis, and triage of potential security threats: Phoenix Software’s Security Operations Centre (SOC) monitors Shelter’s systems on its behalf, triaging an impressive 10,041 incidents over the past 12 months. These incidents included 1,210 high-severity, 3,060 medium-severity, 5,710 low-severity, and 61 informational cases.
To prevent Shelter’s team from being overwhelmed with reports, the severity of each alert is first triaged by the Phoenix SOC, with only those deemed to be genuine threats escalated to Shelter for action. Of the 10,041 incidents flagged by Sentinel, a total of just 319 were reported to Shelter. This allowed Shelter to respond proactively to potential security breaches without being bombarded with the noise of endless alerts
Tailored dashboard and support: Phoenix provided a customised Sentinel Essentials dashboard for Shelter to suit their specific needs. The dashboard provides valuable insights, such as Multi-Factor Authentication (MFA) status, enabling Shelter’s team to make data-driven security decisions
Compliance and peace of mind: meeting the stringent requirements of Cyber Essentials and Cyber Assurance L1 standards was essential for Shelter’s work with the Ministry of Justice. The implementation of Sentinel Essentials played a pivotal role in achieving compliance, ensuring the charity maintained a high level of cyber security and data protection. Shelter is now looking to obtain Cyber Assurance L2
24/ 7 coverage: The Phoenix SOC team is available 24/ 7, extending Shelter’s IT resources beyond office hours and ensuring it can respond to cyber security challenges whenever they arise
“We enjoy our regular calls with the SOC team and get a lot of value from them. We can see that Phoenix puts a lot of value in the importance of the SOC to its customers, since the number of SOC analysts they employ appear to grow almost every week. We have developed a good working relationship with the analysts since we speak to them so regularly.”
Shelter’s collaboration with Phoenix Software and the implementation of its Sentinel Essentials service has significantly enhanced the charity’s cyber security posture. The partnership not only fortified data protection and threat detection capabilities but also enabled Shelter to meet stringent compliance standards essential for their work with the Ministry of Justice.
By leveraging the expertise and responsiveness of Phoenix Software and its SOC, Shelter has attained peace of mind and the confidence to focus on their core mission of fighting the housing emergency and providing support when it’s needed most.
Phoenix enables digital transformation in the workplace, empowering UK organisations to innovate and transform with cloud and hybrid infrastructures data, AI, security, and collaboration tools. By understanding the individual goals of its customers, Phoenix delivers remarkable, outcome-focused IT solutions and services that allow UK organisations to make a difference to the lives of their employees, service users, and communities.
Phoenix is a signatory on the Race at Work Charter, and a Disability Confident and Living Wage employer. The company is also actively involved in encouraging more women into the IT industry.
