Computer Weekly European User Awards for Security: Winners

Public Sector Winner: Solihull Met Borough Council (Entered by Good Technology)

Following an increase in staff requests Solihull Council in the Midlands decided to roll out a secure bring your own device (BYOD) policy. Managers wanted to achieve two things: Cost reductions from returned laptops and blackberries; and increased personal efficiencies through saved hours and a more productive workforce.

Solihull Council shows how an inclusive model for information security can work

Clive Longbottom, judge

With the help of Good Technology’s solution, Good For Enterprise, Solihull Council developed the Your Own Device at Home Policy (YODAH). Good for Enterprise gave employees secure access to email, calendar, contacts and browsing on all of the required devices.

More than 375 council employees – nearly 15% of the organisation’s eligible workforce – have already gone live with BYOD, enabling the company to achieve fiscal benefits and staff to gain time-saving benefits.

Judge Clive Longbottom, founder of Quocirca, said the top prize went to Solihull for its inclusive information security policy. “It deals with a hot topic [BYOD] and also flexible working, in allowing employees to work from home, and shows how an inclusive model for information security can work,” he said.

Judge Spencer Izard, IDC research manager, said: “Despite the application reading more as a mobility play than security, the approach to containerising business apps and data securely away from employees using the mobile device for personal matters is a much talked about strategy that has yet to be implemented broadly, yet provides many benefits.”

Best Technology Winner: Bromium (Best of Show)

Bromium is a relatively new startup, founded by the creators of the open source Xen hypervisor which powers the Amazon cloud. The company applied its virtualisation expertise to create vSentry endpoint security software, which isolates and secures every single untrusted network task within its own tiny virtual machine (microVM).

Bromium’s vSentry acknowledges the inescapable realities of vulnerable software and targeted persistent attacks that trick users into executing malware that is impossible to detect using traditional tools. 

But instead of trying to detect zero-day attacks and advanced persistent threats (APTs), vSentry assumes all internet tasks are untrusted and automatically puts each task in its own secure microVM with hardware-enforced isolation. A new microVM is automatically created every time a user performs a new task – opens a new web page, checks email, downloads a document, etc. 

MicroVMs that can behave in a proactive and predictive fashion show a high level of innovation

Spencer Izard, judge

If an attack occurs within any of these tasks, the malware remains contained and isolated inside the microVM.

Judge Andrew Rose, principal analyst, security and risk at Forrester Research, commented: “A great innovation that is likely to have a significant impact on endpoint security. Bromium reinvents the endpoint solution in a way that has no impact on the user, yet restricts attacks. Excellent.”

IDC's Izard said: “The concept of microVMs that can behave in a proactive and predictive fashion without affecting the overall performance of IT systems through network performance latency issues shows a high level of innovation that will hopefully translate to achievable business benefits.”

Longbottom agreed: “By sandboxing a device, security becomes so much easier – the system can be thrown away and restarted as and when needed. By starting from a viewpoint that a device is probably compromised, Bromium does not have to look at fighting this," he said. “It accepts it and turns the device purely into a container, where any compromise is separated from the working environment.”

Judges also gave Safetica’s entry an honourable mention. “A multi-level tool to secure information at rest and on the move and through DLP using behavioural analysis – nice, embracing approach,” said Longbottom.

Supplier of the Year Winner: Symantec (Case study mentioned: The Royal Liverpool and Broadgreen University Hospitals NHS Trust)

The Royal Liverpool and Broadgreen University Hospitals NHS Trust is one of the largest and busiest hospital trusts in the North of England with an annual budget of more than $640 million.

The Trust has worked with Symantec as its supplier for a number of years to meet its ever-evolving security needs. In the past year, the Trust and Symantec closely collaborated on the implementation of two new projects: Symantec 25, focused on reducing IT security costs by 25%; and the adoption of its mobile data management (MDM) strategy.

The Symantec 25 programme helps public sector organisations reduce relevant software expenditure by up to 25% while achieving a high level of security. Through this project, IT security costs were cut by a quarter and the Trust became able to more reliably identify, monitor and protect its data.

Through Symantec’s MDM strategy, the Trust wanted to enable mobile working, allowing staff to be more productive by having access to patient and clinical data at the patient's bedside. Symantec’s MDM strategy means that when a patient moves between wards, the data goes with them, letting the medical staff work more efficiently, thereby freeing up more time for consultative advice.

Forrester's Rose said: “Symantec's breadth of coverage and laser sharp focus on its new customer-focused strategy means it makes a great partner and is able to provide real business benefit – it is more than just another technology vendor.”

IDC's Izard said: “Enabling healthcare to utilise mobile devices in a secure fashion to increase the quality of patient care was a great example of technology supporting business behaviour, rather than technology restricting business behaviour.”

Private Sector Winner: IASME

IASME's (Information Assurance for SMEs) information security initiative helps small and medium-sized enterprises (SMEs) and the supply chain combat criminal activity online and improves online trust between partners.

The IASME website also offers non-technical advice to help businesses develop online security and safety. IASME is developing links with small business associations (including UKITA) to provide a regular feed of advice and comment on security matters.

It is very encouraging to see thought put into how to address and serve SMEs

Spencer Izard, judge

The initiative was the brainchild of a small group of academics and ex-government cyber security specialists who saw that information assurance processes were highly technical and difficult to achieve, particularly for small businesses which make up the vast majority of UK plc. IASME formed a consortium and gained part funding from the Technology Strategy Board under the Critical National Infrastructure heading to develop the ideas some four years ago.

IDC's Izard commented: “The SME is often either neglected or relegated to basic and simple solutions from the big vendors, despite SMEs having similar challenges as large companies but on a smaller scale. It is very encouraging to see thought put into how to address and serve this market.”

Longbottom said: “This aims at providing enterprise-class security to the engine of the economy, the SMEs. By doing so, not only are problems minimised within this core group, but they can also interact with large enterprises as peer, secure partners.”

Cloud Innovation Winner: Scrambls

The Scrambls service protects data in motion and shared in the cloud by establishing persistent controls over each individual post and file published. The user sets access rules for content ranging from simple restrictions to elaborate criteria. These rules can even be updated over time, modifying access based on changing business needs and evolving regulatory requirements.

Scrambls offers a great intellectual property approach to information security

Clive Longbottom, judge

Instead of relying solely on the site hosting their data to protect and control access to content, businesses can use Scrambls to establish and maintain rules determining how the data can be accessed, according to their own corporate guidelines.

For example, company posts shared on a collaboration platform can only be read by other employees, for a specific time period, using known devices.

Longbottom said of this entry: “A great intellectual property approach to information security that allows for user choice but applies enterprise controls.”

The winners

All winners will soon be profiled in full case studies on Computer Weekly and will be offered the opportunity to attend the end of year awards ceremony, when the overall winners of each category will be honoured.

Trophies are on their way to all of the projects mentioned above. Vouchers are on their way to the Best of Show winner.

Didn’t have a security entry? The Computer Weekly European User Awards is also looking for innovative projects in enterprise software, datacentre and storage. 

Full details and deadlines for each awards series can be found on our website.