NOW is the time to take cyber security seriously!

Cyber security has been in the news more and more recently! Microsoft has reported that there has been a 1,070 % increase in ransomware attacks year on year between July 2020 and June 2021.

Just before Christmas the vice president of UKG (part of which is Kronos), one of Crown’s competitors, and a major player in the workforce management arena, confirmed that they had had a serious ransomware attack and their senior management reported that “it may take several weeks to restore system availability” This happened at one of the most critical times of the year, with the seasonal staffing adjustments, holidays and, for some, end of year calculations. The attack affected many organisations worldwide including hospitals, universities, government agencies and commercial enterprises including Sainsbury’s in the UK. Not only did this attack cause a major outage of their systems but it has also been reported that there was a serious data breach, including the sports company Puma in the US having personal data of more than 6000 employees stolen. Until this attack, it would have been inconceivable that we would see large enterprises unable to pay their staff accurately because of long-term failures of their workforce management systems. But this indeed has been the case and many companies have now had to fall back onto paperwork and spreadsheets to prepare employee working time data.

Around the same time another cyber-attack, linked to hackers in Russia, led to the breaching of Gloucester City Council’s systems. The council has been working with the National Crime Agency and National Cyber Security Centre to understand more about the breach. They are setting aside £380,000 from council funds to help restore IT systems.

The UK's Foreign, Commonwealth and Development Office was recently also the target of a serious hacking incident. BAE Systems Applied Intelligence was called on to help with urgent cyber security support. It is understood that the unidentified hackers were detected as they got inside the FCDO systems. Although understandably the FCDO will not comment further on this security breach, it is understood that the urgent support contract was valued at more than £450,000.

For many organisations moving their applications to the cloud was a game changer, as it provided organisations much needed scalability and flexibility to adapt in an ever changing business environment. However, it has bought a different set of security risks, and it is important that developers and organisations alike remain vigilant and do not get complacent, as if not managed well it could open the potential to allow data to be vulnerable to leaks and losses to external perpetrators.

Crown recognised from the start that in the development of its managed cloud services security was paramount. This informed all development to follow 3 principles. 

1. The adoption of the well-recognised and accepted principles published by the UK National Cyber Security Centre.
2. It recognised that securing the services also involved reinforcing the security of its business policies, processes and operations. Crown achieved ISO 27000 and Cyber Essentials accreditation.
3. The use of a well-established secure cloud platform, Azure, that was already accredited and compliant with security, privacy, and regulatory standards.

Crown applications, both Workforce Management (WFM) for most organisations and Duty Management Systems (DMS) specifically developed for our many police clients, are delivered as managed cloud services using a Virtual Private Cloud (VPC) model. Services for each customer are hosted within a dedicated compartment on Microsoft Azure cloud, isolated from other customers. Each customer gets a fully managed virtual private “data centre in the cloud” complete with the application, infrastructure, and services. They get a distinct and separate tenancy in the cloud, with customer-specific application, database and configurations. Customers are isolated from other tenants and customers on the cloud at network level, and operationally independent from other customers. We are constantly reviewing and upgrading security measures to deal with emerging threats. 

In organisations that depend upon their workforce for success, WFM and DMS implementations are indeed essential and business-critical systems. With this cyber security worry you may well ask yourself “Why don’t I just keep my applications on site?”. Well, on-premise systems have varying degrees of security protection installed, depending on budgetary considerations, availability of technical skills, type of networking infrastructure etc. As a consequence, they too are likely to have varying levels of exposure to security threats and data breach. In addition, the installation, hosting and management of these applications on on-premise infrastructure platforms can distract from the actual business priorities resulting in higher costs of ownership.

In short, Crown’s managed cloud services can offer significant time and cost benefits. The benefits of our cloud services compared with on-premise implementations are that it:

• Has better security and information protection – our cloud infrastructure meets many higher security tests than on-site and is used by many of the police forces in the UK and other operations that require enhanced security measures, such as BAE Systems and governmental institutions.
• Minimises the need for infrastructure investments – a managed cloud service removes the need for customers to invest in IT infrastructure, its operations/management, or the associated acquisition time lags. Our cloud services are ready for immediate deployment that fit with your requirements and can flex with any changes, without capital commitments, meaning the application has more scalability, resilience and durability. Not only this, it removes the concerns of stranded assets. At the end of service term, any required underlying infrastructure is deallocated so that there are no further costs.
• Integrated operations, monitoring, management, reporting – On-site installations have a requirement to monitor and manage the application components, performance and the underlying infrastructure for performance, capacity and security, as well as data may need to be backed up regularly and stored offsite. As a standard cloud service, the full range of backup, monitoring, management and reporting is already included.
• Keeps up to date with technology – with managed cloud service, all the system software, middleware and technology services are maintained at or close to the latest supported version. Our cloud services include all the necessary licences required to deliver the solution.
• Can be deployed in different environments – The cloud service can be deployed not only in its live working environment but also in any number of supplementary environments to support configuration, testing, training or demonstration. Any environments that are required for projects and temporary purposes can be deallocated when they are no longer needed.
• Has commercial flexibility – The cloud service enables a much more simplified and flexible costing model by wrapping all the platform and service costs into a basic subscription.
  
  

To find out more about Crown's Workforce Management system
contact one of our specialists today!