About Lambeth Council
Lambeth is one of London's most densely populated boroughs, with 275,000 people living in an area of just over ten square miles. Lambeth Council provides a wide range of online services to its citizens, and prides itself on being a leader in public sector IT adoption while also maximising value for money. As a result of its highly successful IT strategy, the Society of Information Technology Management has recognised Lambeth as having the lowest IT costs of any London council.
Challenge
Lambeth Council needed to be able to respond to a new policy from the UK Department of Work and Pensions (DWP): from 30th September 2009, the exchange of all restricted or sensitive personal data between the DWP and local government organisations would take place via a new secure IT channel, the Government Connect Secure Extranet (GCSX).
To use GCSX, all local authorities would have to achieve compliance with a Code of Connection (CoCo) specifying 127 different security controls—including everything from site security and employee training through to IT monitoring and audit requirements.
"If we missed the deadline and were unable to connect to the DWP for any length of time, the impact on our public services would be very serious indeed," said Mary Cotterell, Technology Programme Manager at Lambeth Council. "To meet the infrastructure security requirements for our estate of several hundred mixed operating system servers, we needed a flexible, scalable log management solution that could be implemented as quickly and as cost effectively as possible."
Novell Solution
The Lambeth team began researching possible solutions, and performed a full market survey in accordance with its standard procurement processes.
"GCSX CoCo compliance is only relevant for UK local authorities, so there weren't many solutions on the market that were specifically designed to meet its needs," said Cotterell. "We decided on a different approach: choosing a more generic solution that was flexible enough to adapt to our immediate needs. This would also have the advantage of giving us a platform for meeting other requirements in future: for example, the Council offers a number of payment card-related services, so we may need to consider PCI-DSS compliance in the near future."
Adapting the solution quickly would require excellent vendor support, so this was another key requirement. Finally, it was important to get the best possible value for public money.
"We had a shortlist of five or six solutions, and Novell Sentinel™ Log Manager was the clear winner," said Ben Fountain, Information Security Officer. "We were impressed with the expertise and commitment from Novell and its partner Securiam, and their proposal also offered the best value for money of all the options we considered."
Within 30 days, the Novell, Securiam and Lambeth team had designed the solution, installed the software, and rolled it out across the server estate. As a result, Lambeth achieved GCSX CoCo compliance ahead of the deadline, and is now able to communicate seamlessly and securely with key central government systems. The software is now being rolled out to the rest of the infrastructure, and will soon provide a comprehensive log management solution.
"The Novell and Securiam teams did an excellent job during the implementation—dealing with issues rapidly and professionally, helping us to get the solution online well within the deadline," said Cotterell. "Their support will continue to be important as we extend and adapt the solution, and we are fully confident in the future of the partnership."
Results
From an operational perspective, Novell Sentinel Log Manager will transform the way Lambeth Council handles IT security issues such as virus infections and tracking file access.
"Novell Sentinel Log Manager gives us a single point of control where all logs are collected and analysed, providing a much more efficient way to handle security-related incidents," said Fountain. "Currently, the potential time-savings are only to be guessed at—but I would be surprised if our next significant malware/hacking event isn't identified, traced and triaged within hours."
"Novell and Securiam worked very successfully with the Lambeth project and operational teams to deploy the Novell Sentinel Log Manager under extremely challenging circumstances and a tight timeframe," said Cotterell. "Their expertise and support were invaluable in contributing to the overall success of our project and ultimately compliance."