sportscotland is the national agency for sport and working with partners involved in delivering sport around the country leads the development of sport in Scotland.
sportscotland invests Scottish Government and National Lottery resources to build a world class sporting system for everyone in Scotland. sportscotland strives to ensure these resources are invested wisely to achieve best value and maximum impact.
As the national agency for sport in Scotland, the ability to share data, including highly sensitive medical data, throughout the organisation with coaches, athletes and external agencies is critical to the day-to-day running of the organisation.
In order to ease data sharing challenges, many employees within sportscotalnd were using their private consumer cloud storage services to share data. This included personal contact details and training schedules which potentially presented a broad range of information security challenges to an organisation with hundreds of employees and a widespread stakeholder network.
The two primary concerns involved security and the implications associated with a lack of centralised management. Due to the lack of centralised management, there was very little centralised visibility with regards to what data was being shared, who it was shared with as well as whether it was being stored solely within the UK.
Being a responsible organisation, sportscotland were very aware of their legal obligations and the Data Protection Act (DPA). The 7th principle of which states, "You must have appropriate security to prevent the personal data you hold being accidentally or deliberately compromised". This requirement is enforced by the Information Commissioner's Office (ICO) who have stated, "If inadequate steps have been taken for protection, it also amounts to a breach of the data protection principles".
For those found to be breaching the Data Protection Act, the ICO has a range of powers from naming and shaming in the form of publicly published undertakings, the ability to issue monetary fines up to £500,000 per incident or even to pursue criminal prosecutions.
Gareth Bevan, ICT Systems Engineer for sportscotland explains, "With our staff using their personal cloud services to share confidential data, there was potential to have little visibility as to what information was being shared and who had access to certain data. Critically there was no centralised control over what was being sent around."
This issue would have been potentially more problematic were a member of staff to leave the organisation. Nobody at sportscotland would have access to the employee's personal cloud storage account, meaning the data could no longer be managed and would remain with the employee when they left the organisation. This could result in the data being accessed or further shared with unauthorised persons outside of the organisation.
"Although we have had no incidents where data was compromised, due to our legal obligations and especially due to our increased profile through the Commonwealth Games in 2014, we knew we needed to implement a robust and highly secure method of storing and collaborating on data with centralised control.
sportscotland began looking for a new file sharing solution in January 2015 and after looking at a number of other solutions, they implemented Redstor's Centrastor offering to provide a dedicated access-anywhere file sync and share platform.
"When looking for a new solution we knew we needed to offer our staff the same functionality as Dropbox so as not to turn them away from sharing data altogether," explains Gareth. "However, we also knew that we needed an admin perspective to keep track of the information that was shared and who had access. Cost was very important and when we saw Redstor was priced competitively with other solutions, we knew the company and their technology would be a good fit."
sportscotland rolled out Centrastor in March 2015 and originally purchased 160 licenses which was later increased by a further 100 licenses three months later.
"After discovering how staff were previously using Dropbox and the frequency the service was being used, we realised that it would be beneficial for us to increase the number of licenses we purchased. The implementation process was gradual as we wanted to give employees a window of opportunity to migrate their files from Dropbox to Centrastor. We were conscious we didn't want them to feel pressurised and wanted to give them the chance to ask any questions and raise any concerns."
Following a smooth implementation process and ongoing support from a dedicated account manager at Redstor, sportscotland has successfully made the transition from the popular consumer file sharing service to a more secure and easily managed business focused solution.
Gareth Bevan comments, "The biggest difference to our organisation with Centrastor has been the visibility. Previously we had little to no control over what information was being shared or who it was shared with. This was a great concern that could have had serious consequences if there had been an incident. However, Centrastor has given us a peace of mind."
"The functionality of the service is excellent and its ease-of-use is very straight forward. Nobody within the organisation has had any issues with the technology. The ease-of-use was a very important factor, we wanted to make sure data is secure but also didn't want to hinder staff from doing their work."
He concludes, "Initially we decided to only roll out Centrastor to the employees who were currently using Dropbox but following the ease-of-use and positive feedback from the team, we are rolling out the service through the entire organisation."