Protecting cloud-based Scottish health data from cyber harms 

The Health Informatics Centre (HIC) at the University of Dundee specialises in the provision of secure data collaboration to facilitate cutting-edge medical research. The centre holds consented health data on roughly 20 per cent of the population of Scotland, spanning a time period of around 30 years. Data governance and security is therefore critical to their successful operation and HIC recently expanded its data centre from on-premise to also include the cloud.

“We wanted to take advantage of leading cloud technologies to advance health research projects, while upholding stringent governance and compliance with our existing and ongoing information security standards”, explains Ian Fletcher, information security and governance manager, HIC.

As a custodian of health and sensitive data, HIC needs to ensure that it has the right security in place to safeguard the critical data that it manages, which is why it has opted for Sophos Cloud Optix and the many benefits the cloud security provider brings.  

Fletcher adds: “I think one of the key benefits for HIC is the ability to apply consistent ‘guardrails’ within the AWS environment to ensure compliance with our required information security standards. HIC is ISO 27001 certified, a data processor for very sensitive NHS data, and is externally audited twice a year as part of that ISO 27001 process. With Cloud Optix, we can be confident that we are in constant compliance. We also have peace of mind that with Cloud Optix’s proactive 24/7 monitoring in place, we would be alerted should any activity deviate from our applied security standards, and any issues flagged to us quickly.”

Other benefits for HIC include:

• Integration with Sophos Central and other products to provide a ‘one-stop shop’ to monitor the security status of the entire IT infrastructure environment  
• Easy integration with solutions from vendors other than Sophos, as appropriate  
• Time savings and an improved experience for IT infrastructure engineers by monitoring activity through a ‘single pane of glass’ 
• Oversight of spend and activity in the cloud on a project-by-project basis enabling the optimisation of cloud costs  
• A very intuitive and operator-friendly interface  
• A trusted cloud security posture at a very competitive price  
• Excellent 24/7 support from Sophos and great support too from their Sophos account manager in Scotland 

HIC purchased a three-year Cloud Optix licence to cover the entire predicted AWS workload moving forwards, and Fletcher has been very pleased with the onboarding process and the functionality of the product so far. He is confident that Cloud Optix will help HIC far into the future, enabling the organisation to work with new and emerging technologies. In turn, this will enable researchers to access and mine the complex datasets they need to progress such cutting-edge health research projects for the greater good of us all.

About Sophos and AWS 

The security posture management and compliance provided by Sophos Cloud Optix makes it straightforward for HIC to keep data secure while simultaneously blocking threats. 

As an AWS Security Competency-approved, AWS Level 1 Managed Security Service Provider and AWS Advanced Technology Partner, Sophos protects more than 100 million users from today’s most advanced cyberthreats and is helping to build secure and scalable cloud transformations with AWS. 

The Sophos unique approach fuses automated protection across endpoint, cloud workloads and networks, with 24/7 managed threat response services to create a single cybersecurity package to secure data, proactively prevent vulnerabilities and block advanced threats.

Richard Walls, business development & relationship manager, HIC, said: “When we decided to purchase Cloud Optix, the support from Sophos was excellent. We had a product onboarding afternoon with two Sophos Professional Services engineers and that helped to enable our Infrastructure team to quickly learn about the solution in practice. Sophos has always been quick to respond and help with any related queries and further information for both this and our other software purchases from them.“