UCAS, the Universities and Colleges Admissions Service, is a charity that manages the UK’s students admissions to higher education. UCAS is automating parts of its digital infrastructure and security operations, for the IT team to focus on mitigating future threats.
UCAS manages almost three million applications from around 700,000 students to over 380 universities and colleges each year, culminating each August after A-level exam results. UCAS operates in an agile, cloud-first way and required cyber security to provide visibility into security events across the organisation and cloud applications they use, such as access controls around personal data. Deploying Splunk ES at its security operations centre (SOC) gives UCAS an analytics-driven approach to security, UCAS says. The ability to investigate incidents and answer key questions at machine speed will support the notification requirements under the General Data Protection Regulation (GDPR) and the Network and Information Systems (NIS) Directive for operators of critical national services.
Neil Bell, security assurance manager, UCAS said: “Students, universities and colleges trust us with their data, whether it be exam results or personal contact details, and it is our responsibility to work with leading technology companies like Splunk to safeguard it. Our decision to use Splunk ES and Splunk Cloud means that we are no longer firefighting day-to-day security issues and can now look to the horizon and prepare for future threats. This ensures that we are not only able to protect the existing generation of student data we hold, but we are also prepared to protect future generations as well.”
UCAS uses the Splunk App for Amazon Web Services (AWS) to monitor its cloud. This helps to ensure the correct AWS configuration and optimised billing of the AWS account which is key during the exam results time when the UCAS website receives thousands of hits a second and the infrastructure scales dramatically.
Richard Timperlake, vice president of EMEA, Splunk said: “Forward-thinking organisations recognise that the best way to protect valuable data is by harnessing the power of security analytics using data they already have. Leveraging the Splunk portfolio to build a security nerve centre, organisations like UCAS can create a security environment that is both robust and efficient.”
