Chelmsford City Council deploys SureCloud to improve visibility, security and compliance

Moving from spreadsheets to a centrally-managed cloud solution has saved the Council time and effort

Councils in the UK are responsible for connecting employees to the Public Services Network (PSN), which helps public sector organisations work together and share resources. However, compliance is a major factor.

All local authorities in England and Wales need to follow the government's Codes of Connection (CoCo), certifying that their security reaches a certain minimum level, before they can connect to and provide services over the PSN.

The four-strong infrastructure team of Chelmsford City Council, which is responsible for about 160,000 citizens, are in charge of maintaining PSN compliance and ensuring that the infrastructure remains secure. However, until recently they were relying on inefficient legacy spreadsheet-based processes, which involved gathering data from multiple sources before collating it into a single document.

"We were having to delve into various different systems to find out where we stood," Ops Lead Caius Ajiz told Computing. "It involved a lot of manual processes and took a lot of time; we'd have multiple people constantly performing multiple tasks. We were using spreadsheets to keep track of these, and, as these were shared with various stakeholders, they tended to get buried in emails which proved very difficult to manage."

The Council wanted to adopt a more modern process and after several technical trials, chose SureCloud. It is using the solution as an event manager, as well as for vulnerability and ASV scanning and API testing.

Using these applications, the Council has increased its network visibility and can now continually monitor security, making compliance easier to ensure. In addition, SureCloud carries out a full infrastructure assessment every year, to provide the external validation needed to show that the internal infrastructure is performing as required. All of this data is stored centrally within the SureCloud platform.

"Infrastructure assessment has become a critical part of the solution for us. Each year SureCloud performs an in-depth assessment of our infrastructure, which we can feed into the platform to monitor our progress against over the course of the year. This ensures that any red flags raised during the assessment are fully addressed in a timely manner," Ajiz said.

He added, "In previous years it was nightmarish to manage vulnerabilities across the network and ensure we were continually meeting our compliance obligations. The SureCloud solution has streamlined these tasks, providing us with a single point of truth for us to refer to rather than having to gather information from multiple systems."