Peter Miller explains how Visionist helped the Department for Business, Energy & Industrial Strategy (BEIS) and the Department for International Trade (DIT) transform their digital capabilities, processes and people.
BEIS’ legacy network was set up to be secure but proved limiting in terms of external connectivity. As in many government departments, services were delivered via the Public Services Network (PSN), where the network itself was a secured ‘OFFICIAL’ environment, and all service providers were required to adhere to the PSN Code of Connection.
The legacy PSN services were restricting the department’s ability to exploit modern digital services and collaboration opportunities – technology that could help BEIS work more efficiently.
BEIS engaged with Visionist to:
- Validate the business requirements; and
- Engage with the department’s Change and Engagement supplier to develop an end-to-end digital service with ServiceOps and DevOps functions.
The end-goal? To enable the department to move from a traditional service integrator/prime contractor model to an in-house, civil-service-resourced model with appropriate governance and processes.
As the department’s technical delivery partner, Visionist designed, developed and delivered a secure, internet-only, and loosely coupled commodity-based service. This system enhanced the department’s ability to exploit digital transformation while maintaining the high levels of security set by the National Cyber Security Centre.
Utilising the Gov WiFi wireless infrastructure and an innovative suite of products to separate and secure application data, users now enjoy new freedom of movement without hindrance and a vastly improved end-user experience. They can now connect to modern digital services and collaborate with partner organisations and departments.
Dealing with complexity
Even with the new cloud-based network in place, BEIS and DIT still needed to be able to access a multitude of business applications via the legacy PSN network.
The new infrastructure thus needed to deal with two types of communication systems:
- Client-to-system – the communication between the end-user device and the capability to consume services; and
- System-to-system – the communications between the legacy service and the new services to conduct user authentication and access applications.
Here’s how Visionist did it:
To enable both sets of communications (client-to-system and system-to-system), Visionist established a secure route from the new cloud-based Amazon Web Services (AWS) environment to the encrypted PSN environment.
For the technically minded among us, this involved:
- Securing Visionist’s virtual private network (VPN) into AWS; and
- Establishing virtual routing and forwarding between the unencrypted and encrypted networks to form an interoperability gateway, compliant with the PSN Code of Connection.
By creating this linkage, Visionist created a ‘system-to-system’ communications network in which Active Directory trusts allow users to consume services across the directory services in the new AWS environment and the legacy application directory services in the PSN domain.
What about security?
To maintain high levels of security, this model utilises the principle of securing the endpoints rather than the bearer network. To enable secure user traffic, Visionist needed to ensure that the traffic from the end-user device over the internet is secured up to the point where it interfaces with the AWS reach-back virtual private cloud (VPC).
After a considered product selection process, the consultants decided to use Zscaler Private Access, a product which uses a combination of policies to establish a dynamic, secure connection from the end-user device to the termination point in the AWS-PSN VPC, a ‘VPN-like’ capability. The advantage of the AWS-PSN VPC set-up is that the connection is created across the internet dynamically, providing a more flexible solution than traditional ‘static’ VPNs.
The expert consultants at Visionist designed, developed and deployed the end-user devices in such a way that:
- Core services such as identity management and web security are hosted out of AWS and Microsoft Azure;
- Staff can benefit from the seamless, connected cloud-based network;
- At the same time, Visionist provisioned the network so that the departments can continue to access their business-critical applications through a secure ‘reach-back’ mechanism; and
- Most importantly, accessing this legacy information appears seamless to the user.
The benefits for BEIS
Visionist enabled BEIS to migrate from its legacy service to a new cloud-based service within its required timeline, retaining access to its business applications in the legacy PSN environment while maintaining the appropriate security controls around the disparate services.
Replacing expensive legacy infrastructure with a modern and capable infrastructure for the future will save BEIS money in the long run – if the department continues to exploit the cultural changes required, then its invest-to-save strategy will result in a net present value (NPV) of £8 million.
What BEIS say:
“I was reminded today of how efficient and effective Visionist are in the work they undertake. I for one am delighted with my new Cirrus kit. I’m still learning how to get the best from it but to be able to function close to 100% from day one is remarkable in my experience of IT projects.” – Programme Director, BEIS.
Founded in 2003, Visionist Consulting has over 15 years’ government delivery experience and extensive experience in delivering digital solutions to large organisations and not for profits. Visionist helps organisations achieve their business goals through strategic leadership and digital innovation.
Visionist has over 100 permanent staff with a wider resource pool of over 800 subject matter experts. Many have worked with Visionist for a number of years across multiple projects, complementing the permanent team with additional niche subject matter expertise or delivery experience.
With a new partner, Smarter Business, Visionist is also able to offer a host of other business services, such as business energy, telecoms solutions, facilities maintenance, smart building monitoring and more.
Please note: this is a commercial profile
To digitally transform your organisation, let’s talk:
+44 (0)20 3883 8201, or visit www.visionist.consulting