View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
September 5, 2013updated 22 Sep 2016 10:58am

Case Study: One Connect selects McAfee for integrated security framework

McAfee aims to help the partnership save £100m over 10 years.

By Duncan Macrae

One Connect is a pioneering £400m joint venture partnership between Lancashire County Council and BT.

It commenced operations in May 2011 as one of the largest public-private partnerships in the UK with around 1,350 staff who help deliver 10 key services on behalf of Lancashire County Council and West Lancashire Borough Council.

One Connect now enjoys a 10 year contract with the County Council, and is committed to delivering service excellence, improved delivery and a constant focus on innovation for the benefit of citizens, schools, businesses and organisations across Lancashire. One Connect is helping Lancashire County Council to save £100m over 10 years while, during the same period, driving the shared service model to other councils and public services in the UK and growing the business to £1bn.

Challenged with a complex security estate

When Lancashire County Council and BT established One Connect in May 2011 they inherited a large, distributed and complex estate. Furthermore, given the range of services provided by One Connect, from HR, payroll and procurement, to a customer contact centre, it was critical that they had the best information security.

After taking time to agree priorities, the IT department at One Connect decided that the nine discrete security solutions in place including anti-virus, web filtering, data loss prevention, email encryption and hard disk encryption were too complex, costly and inflexible for supporting the organisation moving forward.

In particular, One Connect needed to be more flexible and agile in the way that staff work, as well as how the organisation collaborated and shared information with its partners, including emergency services and district councils. According to Mark Orford, director of ICT within One Connect, "the discrete security solutions meant that the security culture was one of ‘lockdown’ rather than being ‘security enabled’ and customer focused."

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

An integrated security requirement

The One Connect ICT team decided to consolidate the patchwork of nine solutions into one centrally managed and fully integrated security platform. This would be a security consolidation on a scale rarely seen within UK local government. In doing so, it would reduce security complexity and cost, increase flexibility, and eliminate the vulnerability gaps formed with a best-of-breed model.

"In today’s security landscape, plugging gaps will only get you so far as you are at much greater risk of a security breach, whether inadvertent or malicious. With an integrated security framework, the risk is reduced significantly because you are protecting the device, information, network and infrastructure in a unified fashion," says Orford.

He and his team spent time reviewing the vendor marketplace and speaking with independent analysts. After a full market review, One Connect selected McAfee because it because it appeared to be the only supplier that had an integrated suite of solutions and services for every layer – Security Management, Network, Information, and Endpoint. Along with the security solutions provided by McAfee, One Connect also recognised the benefits of McAfee’s Security Connected framework as the foundation for their security strategy.

The ICT team is able to correlate and assess risk from a 360 degree view of security, drilling down from a graphical summary to asset level detail in seconds to make fast, smart decisions.

"We decided that McAfee was the best option for our needs – as a dedicated security vendor they offered us a seamless integration of solutions, services and intelligence," comments Orford. "We could harness their skills, knowledge and policies, while also having access to their dedicated services and support teams 24/7. This approach is ideal for our shared services model and our ability to configure standard policies for the requirements of each individual organisation."

A rapid transition

While One Connect invested in the entire McAfee platform from the outset, the migration from incumbent products would be phased. Initially the ICT team rolled our McAfee Mobility Management to Apple iPhone and iPad devices to the executive team. This allowed board level executives to reduce the number of devices from three to one, while allowing them stay in touch remotely in a more secure manner. This also helped to elevate security to the board room, essential for on-going sponsorship.

In parallel, the ICT team were presented with a huge challenge of deploying anti-virus and web filtering to 12,000 end-users within a 30 day window, due to the expiry of two technologies.

"This type of project would typically take six months from start to finish, but given significant cost savings presented as part of our standardisation on McAfee we migrated within a four week window," Orford explains. "This is where we have benefited from McAfee’s integration, expertise, policies and knowledge so we could deploy quickly and smoothly."

Anti-virus and web filtering is now deployed across the entire estate including district councils and emergency services in Lancashire. One Connect has replaced legacy technologies in the areas of antivirus, hard disk encryption, web and email filtering and device control. Additional security capabilities not previously available to the business but deployed as part of the McAfee Connected Security initiative include Advanced Network Protection, Data Loss Prevention, Vulnerability and Risk Management, Mobile Web security and Mobile Device Management.

These new capabilities in particular have helped One Connect support the council’s efforts to have a more agile working policy. A key part of this capability is having greater network and end-point security.

"McAfee’s intrusion prevention system (IPS) and endpoint security solutions are helping us facilitate easy, remote and agile working practices. By securing the network and endpoints, as well as the information itself, we are well positioned for a more flexible working culture. We expect to have this capability fully activated before the end of 2013," says Orford.

Proactive security management

One Connect has embarked on a security journey with McAfee that takes them from a set of discrete products to an integrated security suite for all levels of the IT infrastructure. As a result of talking a standardised approach with McAfee, One Connect can now conduct proactive risk management, make better security related decisions, and support a mobile workforce in a more secure manner to support Growth, Cost Reduction and Agility drivers.

Furthermore, using McAfee ePolicy Orchestrator (ePO), means every endpoint and policy can be managed centrally, while McAfee Global Threat Intelligence provides trends, planning and visibility into latest threats. Both of these solutions simplifies and streamlines security risk management across the entire environment that One Connect manages.

Security Connected breaks the mould of information security by aligning security with business goals. This is fundamental in helping One Connect deliver its ambitious growth targets, as well as reduce costs. In fact, Security Connected will allow One Connect to realise costs savings of £1.5m over five years and help other shared services customers significantly reduce their spend on ICT.

"Where the organisation was previously inhibited by security, such as agile working, with McAfee’s Security Connected framework we are now balancing the needs of the organisation with the constant security threats we face every day," Orford comments. "This is a pioneering approach to security within local government and positions us well to building and growing the business."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU