Local UK Councils Collaborate Over Security and IT Operations to Improve Operational Efficiencies
Executive Summary
The Orbis partnership was created to streamline back office services across three local authorities in the South East of England: Brighton and Hove City, East Sussex and Surrey Councils. Spanning 550 sites, Orbis delivers services such as finance, IT, procurement and HR to over 20,000 users. Combining such a vast infrastructure meant a standardized security information and event management (SIEM) solution was essential to improve efficiencies and security. Splunk has been a key part of Surrey County Council’s infrastructure upgrade and modernization, which kick-started the SIEM replacement process. Since deploying Splunk Enterprise and Splunk Enterprise Security (ES) as its SIEM, Orbis has seen multiple benefits including:
- Unified security visibility across multiple locations
- Improved information governance and compliance
- Faster identification and resolution of faults and incidents
Challenges
- Antiquated and disparate legacy systems including LogRhythm SIEM and Novell infrastructure monitoring tools
- Needed to retain separate data ownership but present comprehensive visibility across the partnership
- Automation of varied compliance processes to streamline the audit process
Business Impact
- Improved collaboration to create a single-pane-of-glass view across three councils
- Secured information governance and compliance requirements critical to operating in the public sector
- Improved customer service through faster response times to faults and incidents
Data Sources
- Microsoft Active Directory
- Proxy server logs
- Firewall log data
- DHCP log data
- Windows Server logs
- McAfee and Symantec
- Nessus (vulnerability management data)
- SupportWorks (CMDB integration)
- Nedap (door access controls)
- MobileIron (mobile device management)
- Cisco (network devices)
- Pulse (VPN appliances)
Why Splunk
The three councils within the Orbis partnership deliver local government services to end users at various locations, ranging from corporate management offices and fire stations to youth centers. Shrinking budgets had caused the councils to look at blending back office systems as a way to improve efficiencies and reduce costs. However, divergent and disparate infrastructures made it hard for the security and networking teams to obtain an overarching view of compliance and IT operational needs.
Orbis member Surrey County Council had already chosen Splunk Enterprise as part of its own IT infrastructure modernization effort. Following a recommendation, the council chose Splunk ES as a natural fit to offer a standardized SIEM solution across all three councils, replacing existing products as they reached end of life or were deemed no longer fit for purpose.
Morgan Rees, technical delivery manager, Surrey County Council, says, “Our desire within the partnership is to put everything on a converging basis but we must make sure that it’s fit for purpose for each individual council. East Sussex was using a version of LogRhythm which was coming up to end of life, so they looked at what was on the market, and what Surrey was doing and saw that Splunk was the best fit.”
“There is a cost avoidance benefit by identifying security issues and incidents early, and quickly, that meant things like when WannaCry was hitting the NHS we could quickly identify where there were issues and remove the offending device from the network to prevent it spreading further.”
Morgan Rees, Technical Delivery Manager
Surrey County Council
Comprehensive operational visibility
By replacing a raft of competing SIEM products and bringing that functionality under the umbrella of the Splunk platform, Orbis was able to achieve its desire of a single operational view while maintaining all-important information governance. “Splunk has allowed us to design and create three separate data stores for each organization and a common search head so that each council can maintain ownership or control over the data, and then using that common search head, data can be queried and searched to allow a centralized view and break down silos,” Rees says.
The Splunk platform also underpins Orbis’ adherence to various key compliance requirements by automating the collection, search, alerting and reporting of logs and machine data, making it easier to build an audit trail. Of particular interest to Orbis was complying with Public Services Network (PSN) and National Health Service (NHS) regulations — crucial when handling vast quantities of the general public’s personal data or interacting with other government bodies.
“All compliance regimes require a good security practice, and that includes having a good SIEM tool that allows you to manage that risk with specific context to our organization. Splunk is a fundamental and underpinning part of those compliance regimes.”
Morgan Rees, Technical Delivery Manager
Surrey County Council
Improved fault resolution
Splunk Enterprise has been instrumental in speeding up fault diagnosis throughout IT services including social care, waste and road management. According to Rees, cost avoidance through tool consolidation has been an unforeseen but greatly valued additional benefit to the original SIEM replacement function. Using the indexed data gathered by Splunk, the network team has been able to reduce the time taken to identify and respond to incidents, ensuring improved customer service. Regardless of whether it is a security alert or troubleshooting website issues, multiple teams can now identify and resolve faults, limiting downtime and disruption, as there is no need to go through multiple departments for escalations and root cause.
“It has been a really straightforward product to implement. Getting data sources into it, indexing and searching on them has been a really straightforward task.”
Morgan Rees, Technical Delivery Manager
Surrey County Council
Ongoing plans for greater improvements
By using Splunk Enterprise and Splunk Enterprise Security, Orbis has gained greater efficiency of services at scale and improved operational visibility. With public sector finances coming under increasing pressure, the partnership will continue to look for ways to capitalize on collaboration and sharing of information and services, according to Rees.