Lambeth Council

Lambeth Council needed to comply with a new mandate—Government Connect Secure Extranet (GCSX)—which required over 100 security controls. To meet the compliance deadline, Lambeth Council had to implement a flexible, scalable log-management solution as quickly and cost effectively as possible. To achieve GCSX compliance, Lambeth Council deployed NetIQ Sentinel™ Log Manager, greatly simplifying IT security management and auditing.


Download PDF (EE)

Download PDF

“Sentinel Log Manager gives us a single point of control where all logs are collected and analyzed, providing a much more efficient way to handle security-related incidents.”Ben FountainInformation Security Officer, Lambeth Council

About Lambeth Council

Lambeth Council provides online services to the 275,000 citizens of Lambeth, a borough of London, England. Lambeth Council has been recognized by the Society of Information Technology Management for their successful IT strategy and adoption leadership, and the lowest IT costs of any London council.

Challenge

Lambeth Council needed to respond to a new policy from the U.K. Department of Work and Pensions (DWP): From September 30, 2009, all restricted or sensitive personal data exchanges between the DWP and local government organizations must occur over a new, secure IT channel called the Government Connect Secure Extranet (GCSX).

To use GCSX, all local authorities would have to comply with a code of connection (CoCo) that specified 127 different security controls, which included everything from site security and employee training to IT monitoring and audit requirements.

“If we missed the deadline and were unable to connect to the DWP for any length of time, the impact on our public services would be very serious indeed,” said Mary Cotterell, technology program manager at Lambeth Council. “To meet the infrastructure-security requirements for our estate of several hundred mixed-operating-system servers, we needed a flexible, scalable log management solution that could be implemented as quickly and as cost effectively as possible.”

Our Solution

The Lambeth team researched possible solutions, performing a full market survey in accordance with its standard procurement processes.

“GCSX-CoCo compliance is only relevant for U.K. local authorities, so there weren’t many solutions on the market that were specifically designed to meet its needs,” said Cotterell. “We decided on a different approach: choosing a more generic solution that was flexible enough to adapt to our immediate needs. This would also have the advantage of giving us a platform for meeting other requirements in the future. For example, the Council offers a number of payment card-related services, so we may need to consider PCI-DSS [Payment Card Industry Data Security Standard] compliance in the near future.”

Adapting the solution quickly would entail excellent vendor support, so this was another key requirement. Finally, it was important to get the best possible value for the public’s money.

“We had a shortlist of five or six solutions, and Sentinel Log Manager was the clear winner,” said Ben Fountain, information security officer. “We were impressed with the expertise and commitment from Sentinel partner Securiam, and their proposal also offered the best value for money of all the options we considered.”

Within 30 days, the Sentinel, Securiam and Lambeth teams had designed the solution, installed the software, and rolled it out across the server estate. As a result, Lambeth Council achieved GCSX-CoCo compliance ahead of the deadline, and now communicates seamlessly and securely with key central government systems. Lambeth Council is now rolling out the software to the rest of the infrastructure, and it will soon provide a comprehensive log management solution.

“The teams did an excellent job during the implementation—dealing with issues rapidly and professionally, helping us to get the solution online well within the deadline,” said Cotterell. “Their support will continue to be important as we extend and adapt the solution, and we are fully confident in the future of the partnership.”

Results

From an operational perspective, Sentinel Log Manager will transform the way Lambeth Council handles IT security issues such as virus infections and tracking file access.

“Sentinel Log Manager gives us a single point of control where all logs are collected and analyzed, providing a much more efficient way to handle security-related incidents,” said Fountain. “Currently, the potential time-savings are only to be guessed at—but I would be surprised if our next significant malware or hacking event isn’t identified, traced and triaged within hours.”

“The Sentinel and Securiam teams worked very successfully with the Lambeth project and operational teams to deploy the Sentinel Log Manager under extremely challenging circumstances and a tight time frame,” said Cotterell. “Their expertise and support were invaluable in contributing to the overall success of our project and ultimately compliance.”

Government

United KingdomEurope

  • Will provide communication seamlessly and securely with key central government systems
  • Will introduce a single point of control where all logs can be collected and analyzed

Let's Talk


Welcome, Want to talk to someone? Call our Sales team or request a call and we'll get right back to you.

  • Sales: (888) 323-6768

For support information, please visit Technical Support.

Amy Sachrison
Director
Press & Analyst Relations

Phone: (713) 418-5368
Email: amy.sachrison@netiq.com