Building secure digital services

BUILDING SECURE DIGITAL SERVICES

Manchester, 22nd October

Dave BeesleyTechnical DirectorNetDef

Agenda

Evaluating IT infrastructure and processes to meet the needs of a rapidly changing sector.

Planning a robust infrastructure on which to build secure digital services.

Answering the security questions posed by regulatory compliance requirements.

What are digital services?

External Internal

• Digital inclusion solutions• Rent payments• Access to tenant facilities• Telemedicine

• CRM solutions for tenant management

• Agile working systems• Data sharing amongst

apps

× Access× Skills × Motivation× Trust

Over a third of these are in social housing

Why?

Digital Exclusion

~20% of population not using digital services

Security considerations

• Tenants feeling unsafe online/cyber-crime• Mitigated by training/help with getting online

• https://www.cyberstreetwise.com/• https://www.getsafeonline.org/

• Mitigated by technology• Gateway level security software• Access to security software

• Potential reputational damage• Tenants accessing illegal material

• AUP and monitoring/controls

• Cost of implementation of security• Assurance/testing/compliance/management

https://www.cyberstreetwise.com/

https://www.getsafeonline.org/

Current IT Infrastructure

What does the business require?

• SLAs• Capacity

How are projects developed with the

business?

Cyber risk on corporate risk

register?

Business continuity and disaster recovery

plans?

Evaluation & asset management

Planning for future developments

Agility & flexibility of infrastructure

Speed of execution for new projects

Cloud versus on-premise or hybrid

Security considerations

baked into projects Saves money Reduces risk

Compliance considerations

Testing/assurance Safe Harbour EU ruling – important for cloud

PCI/Data Protection/ISO27001

Ensuring reputational integrity

Which standards are relevant? Who to turn to for advice?

Our approach

Prevent

Detect

Respond

NetDef projects

Regenda Group • Disaster Recovery

and Business Continuity Strategy

Guinness Partnership • Security

infrastructure Auditing Services

NDA• Security Auditing for

Compliance

Recent examples of consultancy work in housing associations

Your to do list

Security risk assessment – risk register

Capacity planning and/or evaluation of future needs

Testing/security assessment for compliance

Business continuity and disaster recovery planning

Asset Management

Thank you

Dave Beesley, Managing Director, NetDef

Building secure digital services

Technology