Improving data visibility and compliance for an Irish technological university

The Challenge

As the university planned its move to Microsoft 365, there was limited understanding of where sensitive data was stored or how it was being shared. Without formal classification or retention controls, the risk of data exposure and non-compliance increased.

Key Challenges

• No data classification or labelling framework
• Limited visibility into sensitive and regulated data
• GDPR and regulatory retention requirements
• Risk associated with large-scale platform migration

The Solution

CWSI delivered discovery workshops and a data security proof of concept to provide immediate insight into data risk and inform a long-term governance strategy.

Solution Components

• Data discovery using Cognni
• Retention and classification proof of concept
• Department-level pilot
• Organisation-wide rollout roadmap

The Result

The university gained clarity over its data landscape and implemented controls that reduced risk ahead of migration.

Key Outcomes

• Visibility into sensitive and regulated data
• Implemented retention and classification controls
• Reduced data risk during migration
• Defined roadmap for wider rollout

Why CWSI

CWSI combined higher-education sector experience with deep Microsoft data security expertise to help the university understand risk before enforcing controls. The proof-of-concept approach allowed stakeholders to see value early and build confidence ahead of wider rollout.

“Understanding where sensitive data resides is fundamental to effective compliance in higher education. This engagement gave the university the insight and controls needed to reduce risk ahead of migration, while laying the groundwork for long-term data governance.”

Paul Conaty, Secure Data Practice Lead, CWSI