ANSecurity, a specialist in advanced network and data security, announces a successful ‘always-on VPN’ security solution for The Stafford Railway Building Society that is helping to meet security, continuity and remote working requirements for the award-winning, local financial services provider.

Originally championed by a small group of railway workers, The Stafford Railway Building Society was established in 1877 and is still going strong with a focus on straightforward, good value products backed by a plain-speaking, friendly service. In 2018, the society scooped the coveted ‘Best Local Building Society’ in the Mortgage Finance Gazette Awards.

Automation of internal functionality

The Society is firmly committed to embracing the changes and challenges of today’s society

Although proud of its tradition, the Society is firmly committed to embracing the changes and challenges of today’s society. In late 2017, the Society migrated its Core IT system to Mutual Vision, a private cloud-based application. This provides the Society with improved capability to further develop both a more efficient, automated member-facing process and significant scope for the automation of internal functionality.

During 2018, the Society concentrated on embedding the new core system and utilizing the additional features it had to offer. The first significant enhancement being the introduction of SRBS Mortgage Hub to give Mortgage Brokers a digital connection to the Society. The IT team also began a dual-use project to implement more remote working with the aim of increasing flexibility for staff while also strengthening its business continuity planning so that it can work remotely in the event of any site impacting issues at its head office.

Highest levels of security

Continuity planning and security are two major requirements for us,” explains Heather Hamilton Head of IT for Stafford Railway Building Society, “Although we have disaster recovery arrangements it would be difficult to operate our service in the event of a major outage. In terms of security, any type of remote access needs to have the highest levels of security to meet our regulatory requirements as well as industry best practice.”

We wanted to make the process simple for our staff to use and the IT department to manage"

Lastly, we wanted to make the process simple for our staff to use and the IT department to manage - what we wanted was a solution that could solve all three challenges in an elegant way.” Hamilton contacted ANSecurity for advice following a recommendation from an IT contractor that had carried out an earlier project at the Society.

Successful proof of concept

ANSecurity did an assessment and created a solution that would ensure that all of our access, both internally and from remote workers would be validated by an always-on VPN along with digital certificates embedded on each device,” explains Hamilton.

Following a successful proof of concept, the full roll-out of the Pulse Secure VPN took place over a two-day period, including staff training. “The solution allowed us to turn off the secondary WIFI network and now everything runs over a single network and is automatically validated before the user can access any applications,” she explains.

This strangely has been one of those things that we deployed, and we've actually had positive feedback"

The login is really easy to use for the staff, as all the additional checks are all happening in the background. This strangely has been one of those things that we deployed, and we've actually had positive feedback where we've had staff come to us and say... ‘oh that always-on VPN is really good,” Hamilton adds.

Delivering clear return on investment

The Society is now rolling out remote working to staff in stages and the initial feedback has been very positive. “It not just for home working,” she says, “We have also had positive feedback from our executives who can now quickly and securely access our key apps without any issues while away from their desks in meetings on or off site.”

The solution has delivered a clear return on investment, reduced the number of calls to its IT helpdesk and proven extremely reliable. “ANSecurity has been with us every step of the way during this project,” says Hamilton, “They have been both professional and helpful and delivered a solution that easily exceeded our expectations,” Hamilton concludes.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version

In case you missed it

How Can You Be Sure Your Organization Is Protected When It Comes To Cyberphysical Security?
How Can You Be Sure Your Organization Is Protected When It Comes To Cyberphysical Security?

At ISC West this year, emerging technologies will be on display to help organizations manage their environments, from the building itself to who’s on the premises and what’s going on at any given moment. Top of mind this year is cybersecurity, compliance and management of security assets as threats rise and governing bodies put regulations in place that businesses need to react to. The good news is that the shift in approach to holistic monitoring of cyber and physical assets can move enterprises to a place of digital transformation and proactive management rather than reactive practices based on threats and changing regulations. The show provides an opportunity for both vendors and potential customers to learn from each other about what’s out there and what’s needed in terms of future solutions as the industry evolves. Are you in cyber and physical security compliance? At this year’s show, we’ll continue to see developments focused on integration of cyber physical security that will lead to deeper understanding of the relationship between devices, device monitoring and spaces in which all devices physically reside. Digital solutions help achieve a digital transformation which stitches the data relationships together to provide better threat vector impact and overall understanding of risk. The technologies in smart buildings are subject to cyberattacks, which pose not just a threat to data and privacy but can compromise the physical space as well. Think of the locked door in a smart building that now is opened with access control via key cards or mobile devices given only to certain members of staff. These integrations increase safety and restrict access across the enterprise, but a bad actor can access and duplicate the necessary data to open the door with a copycat device while hiding the event from the surveillance system. By having a comprehensive cyber whitelist of installed devices, potential rouge devices are prevented from transmitting on the network, therefore providing an automated guard against internal and external attacks. When systems are compromised due to a hack or physical intervention, it puts what’s behind the door at risk, whether it’s money in a bank or information in a sensitive work environment, such as a laboratory. Digital solutions help achieve a digital transformation which stitches the data relationships together It’s increasingly important to highlight the relationship between cyber and physical security. A great illustration of this is the digital twin. A digital twin is a replica of a physical space that uses both informational and operational technology to give real-time information about what’s going on in a space.  These can include things like floor plans for the building as well as real-time sensor data from the building management system, HVAC systems, lighting, fire, security, and more. By getting a complete picture of the physical and digital assets of an organization, it becomes possible to monitor all systems from one central location to see how they’re working together and act on the insights they provide. So, in the example of a breach from before, it’s possible to flag that hack, isolate its exact location and devices involved, and resolve it quickly while maintaining preservation of evidence. Compliance: how to get there safely, efficiently and effectively As these threats evolve, governing bodies are taking action to ensure that data is protected to minimize these kinds of threats and ensure that organizations feel confident in the security of their data. Norms and compliance measures are emerging quickly, such as General Data Protection Regulation (GDPR) which began to be enforced in March 2018, and the California Cybersecurity Law, which went into effect in the US just this past January. The regulations of what can be done with data mean that companies need to react or face penalties such as fines, which can be as high as 4% of worldwide annual revenue of the previous year. These are also fluid and can change rapidly, meaning flexibility is important in compliance solutions. However, this presents an opportunity for companies to invest in innovation to ensure they’re prepared for those changes and to protect the safety of not just employees, customers and target markets, but of the larger organization. Getting to a place of compliance can seem costly and time consuming at the beginning Getting to a place of compliance can seem costly and time consuming at the beginning, especially for larger organizations. They may have thousands of security assets (cameras and sensors, for example) and might not even be fully aware of what they have, where they are, and whether those assets are functional, never mind compliant with data protection legislation. The right solution takes all the steps to becoming safe and compliant into account, beginning with inventory and mapping of all assets to get a complete picture of where things stand and where changes need to be made. One large financial institution, upon embarking on this journey, identified an additional 10% of assets that they didn’t know they had, and additional ones that were nonfunctioning and needed to be repaired or replaced for compliance and safety. Monitoring: centralized and remote for rapid response Once assets and data are centralized and a complete inventory is taken, it’s much easier to effectively monitor the complete enterprise. At this year’s show, smart technologies will be on display that reduce cybersecurity risks and monitor assets for compliance. If something changes, that can be flagged, and appropriate parties can be quickly notified to act and neutralize security threats or avoid the expensive penalties that come with noncompliance. Since all these components are centralized in one location, it becomes possible to monitor much more effectively and fix issues remotely in minutes rather than scheduling a trip to a location that may not happen for days or even weeks. A security camera for a large chain enterprise such as a retail store or bank in a small-town location deserves service just as quickly as one in a major city, since the threat that each non-functional device poses is the same to who and what it is there to protect. Keeping it up: a proactive approach to service and maintenance One of the ways that emerging technologies can be a game changer is when it comes to the cost and approach One of the ways that emerging technologies can be a game changer is when it comes to the cost and approach to systems maintenance and operation. In addition to performance and compliance, other types of data, such as historical events, can also be monitored centrally. This gives context to security events and can move organizations from a reactive to a proactive approach to their security as well as operations. If small problems are identified and resolved before they become larger problems, it means that security events can be mitigated more quickly or prevented entirely due to early intervention. On the operations side, early insights into asset performance means that fewer resources are expended on noncompliance fees and large-scale, emergency repairs. These resources can take the form of money, but also of time spent by employees and enforcement agencies to ensure continued compliance. Staff can spend time engaged in active monitoring rather than generating reports, since that can now be automated. In the new decade, it’s time to use the technological resources available to better protect systems for smarter, safer and more sustainable environments. On every level, compliance is important not just for its own sake, but so are the other benefits associated with intelligent management. The show presents an educational opportunity for vendors and customers alike. Walking around the show floor and talking to everyone is a unique way to see what’s out there and evaluate what is and isn’t working for a business while getting information from all the industry experts. Even if they’re not ready for a complete overhaul, taking stock of what’s available, where things are heading and how their operations and mission can be better served by implementing one or more of the solutions showcased is more important than ever. On our end, those conversations about needs and concerns are invaluable in driving innovation.

Q&A: How The ‘Secret Service Of Hollywood’ Protects Celebrities
Q&A: How The ‘Secret Service Of Hollywood’ Protects Celebrities

At a major music festival, a fan in the crowd aggressively leapt over a barricade to approach a famous artist. Personnel from Force Protection Agency immediately implemented extrication protocol to shield the artist from physical harm, quickly reversed course and calmly led the client away from the threat. Force Protection Agency (FPA) personnel intentionally did not engage the threatening fan in any way, as local venue security personnel were present and tasked with apprehending the rogue fan. FPA’s efforts were directed expressly toward the protection of the client, avoiding unnecessary escalation or complications and minimizing physical, visual, and legal exposure. Dedicated to the safety of clients Force Protection Agency is a unique, elite-level agency inspired by a vision for excellence and innovation Specializing in protecting celebrities and high-net-worth individuals, Force Protection Agency is a unique, elite-level agency inspired by a vision for excellence and innovation, and dedicated to the safety and success of clients. The agency was formed in 2017 by Russell Stuart, a California State Guard officer and security and entertainment industry veteran. The agency is the culmination of 20 years of experience in the fields of security, military, emergency management, logistics and technology, media and entertainment, and celebrity management. We interviewed Russell Stuart, Founder and CEO of Force Protection Agency (FPA), which has been called “the Secret Service of Hollywood,” for his insights into providing security for celebrities. Q: What unique need in the marketplace do you seek to serve, and how are you qualified to serve it? Stuart: The needs of celebrity and high-net-worth clients are complex and constantly changing. When dealing with a high-profile individual, discretion is paramount, extensive communication is required, and adaptation is ongoing. A critical objective is anticipating and planning for all types of potential negative scenarios and preventing them from even starting, all while not disrupting the normal course of operation of the client's day or their business. Force Protection Agency is poised to serve these needs by innovating and intelligently managing the planning, procedures, and personnel used in every facet of protecting the client’s interests and achieving their objectives. Q: What is the typical level of "professionalism" among bodyguards and security professionals that protect celebrities? Why does professionalism matter, and how do you differentiate yourself on this point? Stuart: Professionalism is an overall way of approaching everything to do with the business, from recruiting, to training, to making sure the right agent is with the right client. Nothing matters more; polish and precision are not only critical to mission success, but also support the comprehensive best interest of the client while preventing costly collateral damage and additional negative consequences. True “professional protective services" is intelligent strength and proper execution, not emotional or reactionary violence. Unfortunately, the latter is frequent among many celebrity bodyguards, and often incurs extremely expensive and even dangerous repercussions. Q: Your company has been described as "the Secret Service of Hollywood." How true is that comparison, and how does your work differ from (e.g.) protecting the President? Force Protection Agency prides itself on providing its services with discretion, precision, and poise Stuart: Totally true, and for this reason: the keys to success in protection are prioritization, and planning. Most people fail to even recognize the first, negating any level of effort given to the second. Establishing the true needs and the correct priority of objectives for each individual client and situation, and firmly committing to these without deviation, are what distinguishes both government secret services and Force Protection Agency from the vast majority of general security firms. Also, the term “secret service” implies an inconspicuous yet professional approach, and Force Protection Agency prides itself on providing its services with discretion, precision, and poise. Q: What is the biggest challenge of protecting celebrities? Stuart: The very nature of celebrity is visibility and access, which always increases risk. The challenge of protecting a high-profile individual is facilitating that accessibility in a strategic and controlled manner while mitigating risk factors. A client’s personal desires and preferences can often conflict with a lowest risk scenario, so careful consideration and thorough preparation are essential, along with continual communication. Q: How does the approach to protection change from one celebrity (client) to another? What variables impact how you do your job? Stuart: The approach is largely determined by the client’s specific needs, requests and objectives. The circumstances of a client's activities, location, and other associated entities can vastly disrupt operation activities. A client may prefer a more or less obvious security presence, which can impact the quantity and proximity of personnel. Force Protection Agency coordinates extensively with numerous federal, state, and municipal government agencies, which also have a variety of influence depending on the particular locations involved and the specific client activities being engaged in.  Q: Are all your clients celebrities or what other types of "executives" do you protect – and, if so, how are those jobs different? Stuart: Force Protection Agency provides protective services for a wide range of clients, from the world’s most notable superstars to corporate executives and government representatives. We also provide private investigation services for a vast variety of clientele. Force Protection Agency creates customized solutions that surpass each individual client’s needs and circumstances. The differences between protecting a major celebrity or top business executive can be quite different or exactly the same. Although potentially not as well known in popular culture, some top CEOs have a net worth well above many famous celebrities and their security needs must reflect their success. Q: What is the role of technology in protecting famous people (including drones)? Technology is crucial to the success of security operations Stuart: Technology is crucial to the success of security operations and brings a tremendous advantage to those equipped with the best technological resources and the skills required to maximize their capabilities. It affects equipment such as communication and surveillance devices like drones, cameras, radios, detection/tracking devices, GPS, defensive weapons, protective equipment, and more. Technology also brings immense capabilities to strategic planning and logistical operations through the power of data management and is another aspect of Force Protection Agency operation that sets us apart from the competition. Q: What additional technology tools would be helpful in your work (i.e., a “technology wish list”)? Stuart: The rapidly growing and evolving realm of social media is a massive digital battlefield littered with current and potential future threats and adversaries. Most mass shooters as of late have left a trail of disturbing posts and comments across social media platforms and chat rooms that telegraphed their disturbing mindset and future attacks. A tool that could manage an intelligent search for such threats and generate additional intel through a continuous scan of all available relevant data from social media sources would be extremely useful and could potentially save many lives. Q: Anything you wish to add? Stuart: Delivering consistent excellence in protection and security is both a vital need and a tremendous responsibility. Force Protection Agency is proud of their unwavering commitment to “Defend, Enforce, Assist” and stands ready to secure and satisfy each and every client, and to preserve the life and liberty of our nation and the world.

What are the Security Challenges of Protecting Utilities?
What are the Security Challenges of Protecting Utilities?

Utilities are an important element of critical infrastructure and, as such, must be protected to ensure that the daily lives of millions of people continue without disruption. Protecting utilities presents a unique range of challenges, whether one considers the electrical grid or telecommunications networks, the local water supply or oil and gas lines. Security technologies contribute to protecting these diverse components, but it’s not an easy job. We asked this week’s Expert Panel Roundtable: What are the security challenges of protecting utilities?