Case Study

How Imperial War Museums improves visibility and control over its sensitive data assets

PCI, PII & GDPR compliance

Full Visibility into sensitive data

Alerts on suspicious behavior

We weren’t aware of anything else in the market that matched the features and capabilities of Varonis. With easily understandable reports, we can now provide evidence that the file permissions we have are secure, and correctly assigned, in a fraction of the time that it took us before.

Ian Crawford, CIO, IWM

Challenge

Although the team was able to extract file permissions information from Active Directory using PowerShell, the existing processes were time-consuming and cumbersome. Different scripts had to be run, and the resulting information required considerable fine-tuning to provide meaningful data.

One of the key drivers for improving visibility of data, network privileges and permissions was ensuring compliance with regulations; IWM must meet requirements for PCI DSS and demonstrate it can meet the compliance requirements for the National Audit Office and for its own internal security governance.

The IT team provides a range of services to manage the IT and AV across all the museums and galleries. Security and the protection of data is an absolute priority, both from an operational and compliance perspective: this encompasses not only media assets but all sensitive internal data from financial records to employee information. It’s important that we have full visibility of where sensitive data is and can protect it accordingly.

Ian Crawford, CIO, IWM

Solution

  • Gain control over stale user accounts: IWM can keep control over its stale user accounts and has fine-tuned its process to ensure that accounts which are no longer needed can be closed down. IWM now runs reports every month to check against any stale users or accounts which are no longer being used.
  • Visibility into suspicious network activity: Varonis alerts when someone is added to the administrator group, when there are unusual patterns of behavior, or when there are changes in data usage that could point towards ransomware or other malicious actions.
  • Meet and provide evidence for regulatory compliance: With Varonis, IWM can now provide an audit trail for forensic investigations into any security issues and prove to regulators that it has stringent IT controls in place around its sensitive data, including for PCI DSS. As part of its preparations for EU General Data Protection Regulation (GDPR) compliance, the team is now planning to use Varonis’s GDPR Data Patterns to provide a structured way of automatically identifying files that may contain Personally Identifiable Information (PII), from banking information to National Insurance numbers.

We now have a streamlined, manageable and robust way of obtaining information to ensure that we were not exposing data to any vulnerabilities. Coupled with this, the support has been excellent: from implementation to ongoing assistance, we’ve been really pleased with the team’s support. In fact I’d say they have been one of the best we’ve worked with.

Mike Simnett, IT Infrastructure Development and Security Manager, IWM

Customer Profile

  • Customer: Imperial War Museums
  • Industry: Arts & Culture
  • Location: London
