Fareham Borough Council – Cyber Attack Compliance Made Possible

Friday 8th November, 2013

About the Council and their Requirements

Fareham Borough Council employs 500 people at its offices in Hampshire, delivering a broad range of services to more than 100,000 residents. From planning and development, Council Tax and Business Rates and recycling schemes, it processes hundreds of queries every day from its residents. Like any other public sector organisation, the council must handle a huge amount of sensitive data from third parties. The requirements to make the council’s financial information freely available to the public while demonstrating fail-safe data protection capabilities present a delicate balancing act that must be struck at all times. On top of this, the increased awareness of targeted cyber-attacks and Advanced Persistent Threats (APT) has seen the UK’s Cyber Security Strategy (CSS) and Code of Connection (CoCo) standards ramp up in intensity in recent years, which means existing processes are in constant review. Working within these parameters, the council must not only lock down its data, but also provide an efficient working environment for its employees. It is highly reliant on its security providers to help structure its Government Secure intranet (GSi) network accordingly, but under its existing suppliers, found this support was not forthcoming.

Suffering Poor Service

Andrew Scribbans, Technical Infrastructure Manager at the council, explained: “Every time we had to deal with a security measure, the experience was very poor. Even for minor rule changes to be approved, we had to develop logs and screen shots and wait hours to hear back from an engineer.” Eventually, with its network at risk of grinding to a halt and no response coming from its provider, the council was forced to hire a third party consultancy to implement its new systems. The thousands of pounds incurred in costs here can be added to the hours spent by the team attempting to configure settings internally.

‘You can’t have all this!’

In addition to this, the council was being told that it could not upgrade its security platform to provide all of the cyber-attack intelligence that it needed. In keeping with the requirements of CSS and CoCo, Andrew needed to implement an intrusion prevention system to actively check for attacks on the company network, with content filtering running across all web pages and devices in the workplace. “We presented this need to our provider, and were told quite simply, “You can’t have all this within the same firewall,”” Andrew continued. Faced with the prospect of having to buy separate proxy servers to give the council the security it needed, Fareham’s relationship with this provider quickly came to an end. Just prior to this decision being taken, Andrew had been presented a new offering from Khipu Networks based on Palo Alto Networks’ next-generation firewall, and had found that the changes he wanted to make were entirely within reach.

True Cyber Threat Management

Unlike its incumbent provider, Palo Alto Networks offered a flexible range of services within a single firewall, while adjusting network bandwidth to the council’s requirements. Andrew’s decision was made, and four next generation firewalls were promptly installed by Palo Alto Networks’ Platinum-status security supplier Khipu Networks. With the new devices up and running, Fareham can provide computing resources to manage network performance, monitor for attacks and carry out full content filtering while maintaining consistent levels of performance. Almost immediately, this was able to save several hours from each engineer’s day. The monetary value of these savings is viewed as significant, and of course any saving incurred for the council becomes a saving for the tax payer further down the line. In addition to this, by using the firewall’s granular network intelligence, Andrew can also view data on individual applications and users in the council, monitoring them at throughput speeds of 250 Mbps. This combination of security and ease-of-use is proving incredibly powerful for Fareham council.

Transparent Security

Andrew continued: “The security of our data is of the utmost importance, but our employees must also understand why we’re making the changes that we are. “With Palo Alto Networks, the council can be clear and consistent with its rules across the network. There is a transparency and clarity over why rules are changing; based on the information we can now gather for each user.” Using this new process, Andrew has been able to write flexible controls over many intensive applications. WebEx, for example, is now only freely accessible to certain employees due to the amount of bandwidth it consumes, and other users need to register a request to access it on a case-by-case basis. With the network now running at optimum speeds, Andrew estimates that the council as a whole can run a great deal more efficiently than was previously possible.

Back in Control

Overriding all of these new capabilities is a renewed sense of control at Fareham council. This has been created by the support framework offered by Palo Alto Networks and Khipu Networks. While being highly responsive to all security concerns, the team can allow the council to manage and configure all of its own rules and carry out its own support and analysis centrally. Andrew said. “Security needs to be simple, particularly in our industry, and with our new set up that’s entirely what we get. From jumping through endless hoops a year ago, we can now own the management of our own network, confident that the engine is proactively looking for new attacks that may be heading our way.” “Khipu’s post-sales support team has been excellent, giving us the confidence that we have an accredited and experienced supplier who we can rely on, something that we never had previously.” He concluded: “Government policy needs to be strictly adhered to and the public sector has to meet more of these regulations than most. The potential headache and costs of keeping up has been removed by Palo Alto Networks.”