Page 24 - Gi flipbook February 2018
P. 24
TRIPLE platform, and the use of management
tools and automation.
This cloud adoption required us to
think differently about our security
DEFENCE approach. We initially looked at a
traditional (and rather expensive)
network access control system to
separate us from our sister company
SSE. However, having evaluated
innovative alternatives, we adopted a
software defined perimeter (SDP)
Mo Ahddoud, Chief Information Security Officer approach. SDP allows us to treat the
at SGN, outlines a new security strategy for network as untrusted, diagnosing which
their people, processes and technology network it is using to access business
information. This means we can support
mobility, agility and improve the user
experience as they can connect with us
anytime from anywhere.
Taking a new risk-based
approach to business
We wanted to change the perception
of the way we do things by moving to
an integrated, risk-based methodology
for all our business operations. Our
aim is to embed a risk-management
culture and a common sense approach
(as opposed to a policy-driven one) for
all IT services including IS.
Dealing with insider threat
The National Computer Security Centre
(NCSC) has identified insider threat as a
primary risk for critical national
infrastructure (CNI) companies such as
ours, so we contracted a small company
called Dtex, and now use the employee
behaviour-learning tool and application/
device inventory they’ve developed. The
application learns to recognise and log
normal patterns of behaviour, and
reports any suspicious activity. This has
allowed security and IT to build a better
profile of our users’ behaviour, including
analytic information on how we use our
applications and devices. As a result, we
arly in 2017, the WannaCry In 2017, we revised our information can now plan for future device
attack crippled the NHS security (IS) strategy and developed a specifications and remove any unused
network and many other number of programmes to deal with ones, which saves on cost. Building a
companies around the the threats we face as we support our user-profile-enabled IT tool to anticipate
E world. In September, we company vision to keep our customers and improve user experiences works
were notified of a deliberate and safe and warm by leading the way in especially well around peak
targeted global attack on the utilities energy delivery. workloads. The application has now
sector. These attacks and many others been fully rolled out.
like them have reinforced the need to INNOVATION IS EVERYTHING
put more effort, focus and resources A new SDP approach Raising employee awareness
into cyber security. The UK government We’ve defined and are implementing of cyber risk
has pledged £2 billion in its cyber an ‘all-in’ cloud strategy through an We found managing our own security
strategy and has stated it wants to 18-month migration plan. This strategy intranet site was resource intensive
establish a stronger relationship with will not only see our services migrated and time consuming, and the
utilities. It’s no surprise our board and to global best-in-class providers, but information wasn’t always up to date,
executive team have identified cyber will also result in the majority of our IT so we moved to a managed site from
risk as the number one corporate risk estate being rebuilt, including a new, a company called The Security
we face currently. secure network service, integration Company (TSC). TSC provides annual
24
CyberSecurity.indd 1 18/01/2018 11:33
