Computer Weekly European User Awards for Security: 2014 winners

Five innovative IT projects have been chosen as the winners of the Computer Weekly European User Awards for Security 2014.

The security awards recognise innovation in information security and IT risk management.

A panel of independent judges viewed entries in five categories: Public Sector Project, Best Technology Innovation, Supplier of the Year, Private Sector Project and Cloud Innovation.

The winners are:

  • Public Sector: Barnardo’s
  • Best Technology Innovation: Whitestar (entered by Watchful Software)
  • Supplier of the Year: AirWatch for its work with Stockport NHS
  • Private Sector: SThree
  • Private Sector Honourable Mention: Moneycorp
  • Cloud Innovation: Cognia

Public Sector: Barnardo’s

UK children's charity Barnardo’s worked with more than 200,000 children, young people and their families last year. The organisation runs over 900 services and has more than 500 shops, 8,000 staff and 15,000 volunteers. Barnardo’s information security department supports more than 10,000 users across 1,600 sites in England, Scotland, Wales and Northern Ireland.

When working with service users, notes need to be taken to provide a record of all interactions, which allows the charity to provide the right care, review practice and, ultimately, safeguard the young person. As volunteers support the work with service users, they are also required to record their interactions within one central record.

There are a number of secure processes to enable volunteers to record information on the central record. Maintenance of these various processes, none of which had been designed specifically for volunteer recording, is costly and difficult to do securely. The system relied on the goodwill of volunteers, but the main concern was around the duty of care Barnardo's has for the service users it works with and the information it needs to collect about them.

Barnardo’s was already using a cloud-based collaboration solution from Huddle for sharing documents with external partners, and realised it could develop a new way to use this technology.

Each service can now set up a secure workspace and give volunteers access to a folder. Invitations and access to the workspace are managed by the service manager, so they can be confident about who is able to access data. Barnardo’s solution ensures volunteers have the maximum time to do what they have volunteered to do: support vulnerable children.

Awards judge Clive Longbottom, founder of Quocirca, said: “It is a charity where data security has to be top of mind at all times, yet it has to deal with a highly diverse and distributed base of people who need to be able to access information rapidly wherever they are.

“Huddle provides it with the capability to do this.”

Best Technology Innovation: Whitestar (entered by Watchful Software)

Loan management firm Whitestar needed to be able to share information and exchange documents concerning customers and their assets in a safe and secure manner.

It wanted to know how it could maintain agility and efficiency through the rapid and effective use of information, while protecting sensitive information.

The solution was Watchful Software’s RightsWATCH, which was deployed to deliver classification and information access and flow control mechanisms, enabling users to give any file or email a security classification.

The deployment of RightsWATCH began with a controlled pilot project. The system was then used in a pre-production environment for a qualification phase, after which it was rolled out into production. The system was deployed to 300 users who, since then, have been protecting Whitestar’s information using RightsWATCH.

Longbottom said: “Watchful Software hits an area that is currently under the spotlight – looking at customer data security in the financial services vertical.”

Supplier of the Year: AirWatch for its work with Stockport NHS Foundation Trust

Stockport NHS Foundation Trust provides hospital services for children and adults across Stockport and the High Peak, as well as community health services for Stockport, Tameside and Glossop. Stepping Hill Hospital treats more than 500,000 patients a year and the community health services unit, which includes midwives and mobile district nurses, treats patients at more than 40 locations.

Aiming to provide the best care possible to thousands of patients each day, Stockport NHS Foundation Trust turned to enterprise mobility management (EMM) provider AirWatch to streamline its internal processes by going mobile.

Previously, patients treated at the hospital’s emergency department were admitted by the reception team using green screen monitors. A printed copy of a casualty card containing the patient’s information was the main record of care for the patient throughout their visit. Each casualty card was managed by the hospital’s administrative teams and was transported with the patient as they were transferred from triage to treatment.

Each staff member involved in the treatment process wrote notes on the card and then typed it into the patient administration system. Stockport NHS Foundation Trust is one of the few UK organisations that can deliver patients’ medical records electronically to general practitioners outside the hospital.

The trust adopted AirWatch Enterprise Mobility Management to safeguard patient data. It uses AirWatch solutions to enhance security on its fleet of about 250 mobile devices and to ensure patient data is not compromised or lost in the emergency department.

In the near future, the trust’s leadership plans to issue tablets to travelling nurses to enable them to access medical data and to record their interactions with patients, further improving the exchange of information between the community and the hospital.

Longbottom said: “Mobile device usage within the NHS is a major issue. Identifiable information, such as patient name, age and medical history, has to be made available on the device, and due to the nature of the environment, devices will be lost or stolen on a relatively frequent basis.

“Being able to centrally control all aspects of a BYOD device is an imperative, and AirWatch allows this to be the case.”

Private Sector: SThree

SThree is the parent company for organically grown global recruitment brands. Because sensitive information, such as executives’ CVs, is being shared and discussed, SThree must ensure information is secure over the air and on mobile devices.

To provide secure mobile email, SThree gave a restricted number of employees company-owned BlackBerrys. This worked for a while, but as new smartphones and tablets came to market, staff began carrying more than one device.

As well as limiting device choice, BlackBerry was also expensive to operate. SThree conservatively estimated that the total cost of providing a BlackBerry device was £1,000 per employee per year. With about 1,700 employees eager to use mobile services, it would be a significant cost for the company.

To find a better solution, SThree's IT team evaluated a number of mobile device management (MDM) systems without success.

It then chose Good for Enterprise, which securely manages data and devices and improves employee productivity. The system provides end-to-end mobile security, with FIPS certified encryption for data in transit as well as on users’ devices. The Good server is deployed behind the enterprise firewall, so security is not compromised by having to open new ports.

SThree currently has 1,300 employees running Good for Enterprise on their personal smartphones and tablets. The IT team worked closely with finance, legal, and human resources to develop policies and processes that worked worldwide. It also provided Wi-Fi in all its offices globally to support the deployment. Employees who chose the BYOD programme agreed to pay for all their mobile expenses. The programme has significantly reduced SThree's costs.

Longbottom said: “This entry deals with a more current issue for many organisations – BYOD – and takes an information, rather than a device, view on how an organisation’s intellectual property should be managed in an embracing manner.”

Private Sector Honourable Mention: Moneycorp

Foreign exchange company Moneycorp has been serving its customers for over 30 years and handled more than 6.4m transactions in the past year alone. Handling monetary transactions makes the company a potential target for DDoS (distributed denial of service) attacks by hackers. When the company started suffering attacks, Moneycorp's head of IT services, Kenneth Byrne, contacted DDoS protection specialist DOSarrest for help.

DOSarrest’s Proxy Defense is a fully managed, cloud-based DDoS mitigation service that provides immediate (less than 15 minutes) protection from large, complex DDoS attacks for any server in any location worldwide.

Experience has shown that no single DDoS mitigation device can stop the full spectrum of attacks in existence. So instead of relying on purpose-built DDoS mitigation devices to stop all attacks, DOSarrest has developed, implemented and real-world tested a wide range of proprietary methods to stop all DDoS attacks.

Because it is cloud-based, DDoS protection takes effect in minutes rather than hours, days or even weeks. For Moneycorp, it proved the perfect solution for resolving the issue quickly and keeping its business up and running when it came under attack.

Once deployed, Proxy Defense delivers complete and ongoing protection from DDoS attacks. In addition to DDoS protection, Moneycorp saw an improvement in its website’s performance, thanks to the content delivery network that supports DOSarrest Proxy Defense.

The initial attack on Moneycorp was on its main corporate website and email server. Once Byrne contacted DOSarrest, the website was back up and running within 15 minutes, with a member of DOSarrest's support team walking him through the process.

There were subsequent attacks, but the website never suffered an outage, as the Proxy Defense service took effect.

Longbottom said judges gave this entry an Honourable Mention because: “For such public-facing organisations, a DDoS attack can be catastrophic. Dealing with DDoS attacks is not simple. By ‘outsourcing’ the problem to the cloud, a much better means of maintaining business function can be attained.”

Cloud Innovation: Cognia

Cognia is a software developer that specialises in recording and analysing voice and data communications. It has developed a technology called the Cognia Cloud, which is based on Amazon Web Services (AWS). This enables organisations such as banks, utilities and contact centres to analyse and monitor customer communications for regulatory compliance, dispute resolution and performance management, using a single global platform.

Recognising a growing need among its contact-centre clients for a secure, cost-effective means to protect sensitive customer payment information, Cognia explored how it could use the benefits of AWS’s elastic computing capabilities to solve this problem.

The company used AWS’s tools and services, together with its own innovations in network management and monitoring, to extend its Cognia Cloud service to include secure telephone-based payment processing in 2013. In so doing, Cognia became the world’s first provider to achieve PCI DSS Level-1 compliance on a global platform.

By applying the core tenets of true cloud computing, Cognia is transforming the cost and ease of delivering secure voice services, such as recording, analysis and payment processing for businesses of all sizes, reducing the total cost of ownership by as much as 80% and providing operational flexibility.

Longbottom said: “Cognia is head and shoulders above the rest. It shows a real thought process behind how it looked at what it had created and how it believed cloud could add significant value if it could get cloud right.”

The winners

All the winners will soon be profiled in full case studies in Computer Weekly. Trophies are on their way to all the entries mentioned above.

Didn’t have a security entry? The Computer Weekly European User Awards are also looking for innovative projects in enterprise software and datacentre/storage.
