Just before Christmas the vice president of UKG (part of which is Kronos), one of Crown’s competitors, and a major player in the workforce management arena, confirmed that they had had a serious ransomware attack and their senior management reported that “it may take several weeks to restore system availability” This happened at one of the most critical times of the year, with the seasonal staffing adjustments, holidays and, for some, end of year calculations. The attack affected many organisations worldwide including hospitals, universities, government agencies and commercial enterprises including Sainsbury’s in the UK. Not only did this attack cause a major outage of their systems but it has also been reported that there was a serious data breach, including the sports company Puma in the US having personal data of more than 6000 employees stolen. Until this attack, it would have been inconceivable that we would see large enterprises unable to pay their staff accurately because of long-term failures of their workforce management systems. But this indeed has been the case and many companies have now had to fall back onto paperwork and spreadsheets to prepare employee working time data.
Around the same time another cyber-attack, linked to hackers in Russia, led to the breaching of Gloucester City Council’s systems. The council has been working with the National Crime Agency and National Cyber Security Centre to understand more about the breach. They are setting aside £380,000 from council funds to help restore IT systems.
The UK's Foreign, Commonwealth and Development Office was recently also the target of a serious hacking incident. BAE Systems Applied Intelligence was called on to help with urgent cyber security support. It is understood that the unidentified hackers were detected as they got inside the FCDO systems. Although understandably the FCDO will not comment further on this security breach, it is understood that the urgent support contract was valued at more than £450,000.
For many organisations moving their applications to the cloud was a game changer, as it provided organisations much needed scalability and flexibility to adapt in an ever changing business environment. However, it has bought a different set of security risks, and it is important that developers and organisations alike remain vigilant and do not get complacent, as if not managed well it could open the potential to allow data to be vulnerable to leaks and losses to external perpetrators.
Crown applications, both Workforce Management (WFM) for most organisations and Duty Management Systems (DMS) specifically developed for our many police clients, are delivered as managed cloud services using a Virtual Private Cloud (VPC) model. Services for each customer are hosted within a dedicated compartment on Microsoft Azure cloud, isolated from other customers. Each customer gets a fully managed virtual private “data centre in the cloud” complete with the application, infrastructure, and services. They get a distinct and separate tenancy in the cloud, with customer-specific application, database and configurations. Customers are isolated from other tenants and customers on the cloud at network level, and operationally independent from other customers. We are constantly reviewing and upgrading security measures to deal with emerging threats.
In organisations that depend upon their workforce for success, WFM and DMS implementations are indeed essential and business-critical systems. With this cyber security worry you may well ask yourself “Why don’t I just keep my applications on site?”. Well, on-premise systems have varying degrees of security protection installed, depending on budgetary considerations, availability of technical skills, type of networking infrastructure etc. As a consequence, they too are likely to have varying levels of exposure to security threats and data breach. In addition, the installation, hosting and management of these applications on on-premise infrastructure platforms can distract from the actual business priorities resulting in higher costs of ownership.