We’ve got

the UK covered
Be Better Together

Do more with less

IT security for Local Government and
the Emergency Services

To find out more visit:

Sophos.com/BeBetterTogether

A Sophos Whitepaper: We’ve got the UK covered. Be Better Together

Putting a price on
peace of mind
IT security has arguably become a story focused on cost
versus quality.

A focus on cost
Cost in the public sector is obviously impacted by directives to reduce spending, and
despite a strong economic recovery since mid-2013 Britain has still to reach the
halfway point of the planned austerity push. According to the Institute of Fiscal Studies,
unprotected departmental spending areas have on average suffered cuts of nearly 20%.
Budgets today simply need to go further, and with IT being one of the areas of greatest
expense it is also a tempting target for stripping out cost.

Every new deal or renewal is therefore under the microscope, as organisations

unsurprisingly look for the cheapest options available that still offer the same quality
of service. Then there are the management activities that also come with an associated
cost in the form of the resources and time needed to complete them. These can range
from the hours spent meeting with suppliers to those involved in updating systems and
conducting user training.

Meeting aggressive targets – the ‘thrust to cut’ – means taking a comprehensive and
integrated view of both upfront costs and the total cost of ownership.

A focus on quality
Quality remains a far more static concept, as no organisation can afford to expose its IT
infrastructure to the threat of attack or an embarrassing data breach. Equally, this need to
avoid the loss of sensitive information is matched by the requirement to expand security
outside traditional boundaries to embrace shared and remote working. Front line services
have increasingly become defined by the diverse set of workstations and mobile device
platforms used to deliver them – the ‘endpoints’ that routinely access data stored in the
network, in the cloud, and on the devices themselves. Yet at the same time these assets
are being exposed to an interconnected environment outside the limits of traditional IT
security.

So what options exist for IT and procurement teams? Can tough government cost cutting
targets be achieved without leaving systems and devices open to attack?

A Sophos Whitepaper: We’ve got the UK covered. Be Better Together 2

 In search of the
answer
“How can I justify any
decision to change our IT
security supplier?” ?
Pressing
“With job cuts, how can
I become even more
efficient?”

questions for
IT
“How can I afford to “Can I afford to embrace
deliver effective end user BYOD?”
protection?”
“Is there a way to cut the
overhead of having to
manage so many different
technologies?”

?
“How can I make the most “Can we procure
of the Public Services technologies that
Network?” actually reduce training
requirements?”
Pressing
questions for
Procurement
“Is there a way to join with “How can I make
other authorities to extend consolidation work?”
the budget?”
“With so many suppliers,
are we buying capabilities
that already exist?”

A Sophos Whitepaper: We’ve got the UK covered. Be Better Together 3

We’ve got you
covered
For the UK Public Sector, Sophos is dedicated to one
core mission: delivering the most cost effective way
for you to secure and control your IT infrastructure
and data.
As a UK-founded supplier of IT security, we have an unrivalled understanding of the threat
landscape facing Local Government, Police, Fire and Rescue Services. This knowledge is
incorporated into the complete range of network, antivirus, email, server, web and mobile
security products we offer – technologies that are as simple to deploy, as they are to work
with.

Based on these solutions, we can offer you three commitments that relate to cost, quality
and credentials:

1: We’ll help you meet your cost cutting

targets – without compromising quality
When it comes to reducing the cost and complexity of your IT security, consolidation is
a good place to start. This is the move from multiple vendors and products to one single
solution, which as we’ve found with other customers in the UK Public Sector can typically
lead to cost savings of 35-40%. Savings are achieved by reducing the costs of licensing,
managing and supporting the security solution, thereby significantly lowering the total
cost of ownership.

From a quality perspective, this approach also enables you to replace multiple point
solutions that have grown together over time in response to evolving threats and
legislation. Such organic growth has been necessary to defend against a growing
cyber threat, but it can also create a wide array of technologies that are far from
complementary – and at times offer comparative functionality.

With consolidation, this assortment of licenses and products is instead replaced by a

single source for updates, upgrades and support. This is particularly important as new
requirements are added to the mix of necessary security expenditures, including data
loss prevention, policy-based encryption and web threat protection. What’s more, the
integrated threat management solutions from Sophos are tightly engineered to work
together, backed up by our capabilities for constantly monitoring new threats, and world
class 24/7 support.

A Sophos Whitepaper: We’ve got the UK covered. Be Better Together 4

2:
We’ll help reduce your administrative
burden, to save money and allow you to
work even smarter
While reducing cost is one of the main drivers behind consolidation, simplified security
management is another key consideration. Indeed, easier management leads directly to
the ‘soft’ savings associated with greater efficiency: a significant reduction in the hours
needed to administer the system, and more productive users.

Easier management is at the heart of the Sophos approach to security. We can help you
move from a multi-vendor infrastructure to a consolidated solution, which means your IT
team only has the one set of tools to become proficient with. This unified set of products
is also backed up by a single support organisation – so no more time spent navigating
multiple software licenses and service contracts when you need assistance.

In addition, with Sophos you’ll have better visibility of network activity, more centralised
reporting, and automated capabilities for preventing, detecting and remediating threats
across your entire system – so you really can focus on other activities. The result: fewer
employee hours required to manage fewer tasks, simple and fast training for new staff,
and one familiar and inclusive interface.

3: With our experience it doesn’t take us long

to move from talking to delivering
When it comes to understanding the raft of
legislative and regulatory standards you have
to operate within, and the budgetary and
performance constraints that exist, experience
really does count. That’s why at Sophos
we’re proud to state that our customer list
for the Public Sector includes 55% of Local
Government, 60% of Police Forces in England
and Wales, and 35% of Fire and Rescue
Services.
We’re also a UK-based company, and maintain
open dialogue with our customers to identify
where and how we can enhance our offering
to meet the real security needs of Local
Government. This knowledge also influences
our approach to deployment. With deep, hard
won experience of challenge and opportunity,
Sophos knows exactly how to get your network
security up and running fast and effectively.
Protecting end user devices and data
At Sophos our approach to building security for the Public
Sector is anchored by three core beliefs:
1] Security must be comprehensive – and the solution must
include all the capabilities required to satisfy your specific
needs.
2] Security can be made simple – with simplicity intrinsic to
the solution, including deployment, management, licensing,
support, and the overall user experience.
3] Security is more effective as a system – because
new possibilities emerge when technology components
communicate and cooperate, instead of each functioning in
isolation.
Next-Generation Enduser Protection is Sophos’ vision of
applying these principles to deliver better security for end
user devices and data through the integration of endpoint,
mobile, and encryption technologies.

A Sophos Whitepaper: We’ve got the UK covered. Be Better Together 5

Unified threat management from Sophos
To consolidate your IT security with Sophos is to gain access to the latest firewall
protection plus features you can’t get anywhere else – including mobile, web, data loss
prevention and Next-Generation Enduser Protection. No extra hardware. No extra cost.
Simply choose what you want to deploy.

Network Protection: Web Protection:

No compromise performance Ensure safe and
and security productive web use

All the protection you need to stop Comprehensive protection from the
sophisticated attacks and advanced latest web threats and powerful policy
threats while providing secure network tools to ensure your users are secure and
access to those you trust. productive online.

Features include: Features include:

• Network Firewall • Web Malware Protection

• Intrusion Prevention System • URL Filtering Policies
• Advanced Threat Protection • SafeSearch, YouTube, and Google Apps
• Secure VPN Access • HTTPS Scanning
• Site-to-Site VPN • Layer-7 Application Control

Endpoint Protection: Email Protection:

Centrally managed Secure against spam,
endpoint antivirus phishing and data loss

Extend protection to your Windows Full SMTP and POP message protection
desktops and laptops with antivirus, from spam, phishing and data loss with
device, and web control all on one license. our unique all-in-one protection.

Features include: Features include:

• Single Console Management • SPX Email Encryption

• Easy Deployment • Standards-Based Encryption
• Antivirus and Malware Protection • Data Loss Prevention
• Device Control • Live Anti-Spam
• Web in Endpoint • Self-Serve Quarantine

A Sophos Whitepaper: We’ve got the UK covered. Be Better Together 6

 Mobile Protection: SafeGuard Encryption:
Secure devices, content and Protect your servers and
applications web applications
Manage your mobile devices, content, Harden your web servers and Microsoft
applications, and email, in addition to Enterprise Applications against hacking
integrated antivirus, anti-malware and attempts while providing secure access to
web filtering. users.
Features include: Features include:
• Mobile Content Management • Web Application Firewall
• Mobile Device Management • Server Hardening
• Mobile Application Management • Reverse Proxy Authentication
• Mobile Email Management • Anti-virus Scanning
• Integrated Security for Android Devices • SSL Offloading

Sophos Reference Architecture

Reputation Data * Active Protection SophosLabs Correlated Intelligence * Content Classification

AT HOME AND ON THE MOVE REMOTE OFFICE 1 REMOTE OFFICE 2

UTM
NextGen Firewall
Secure Web Gateway
Secure Email Gateway
Secure Wi-Fi Secure VPN RED Secure Wi-Fi
Mobile Control Endpoint Security Web Application Firewall
SafeGuard Encryption

Secure VPN
Client Endpoint Security Mobile Control Endpoint Security Mobile Control
SafeGuard Encryption SafeGuard Encryption

HEADQUARTERS
SOPHOS CLOUD Network Storage Antivirus
Server Security

V
Administration

Web Application Firewall Endpoint Security

Mobile Control SafeGuard Encryption

Secure Web NextGen Firewall Secure Email

Secure Wi-Fi Gateway Gateway Guest Wi-Fi

Sophos Reference Architecture

A Sophos Whitepaper: We’ve got the UK covered. Be Better Together 7

Introducing: Next-Generation Enduser Protection
Next-Generation Enduser Protection represents a fundamental change to how we
approach security. It’s a solution that collects suspicious events from all your devices,
and correlates the data to identify any compromised systems. If any are found the
administrator is alerted and the system temporarily locked down – removing access to
sensitive network and cloud data – while the detected threat is removed. What’s more,
this is all done automatically.

This is a shift in focus from traditional antivirus to incorporate prevention, detection and
remediation across your entire system — all managed over the web via Sophos Cloud.
What it gives you is the confidence that fewer infections will be experienced, along with a
lower risk of data breaches and other security incidents.

Available today:
Two next-generation features are already available:

1] Malicious Traffic Detection – which catches compromised computers in the act of

communicating with attackers’ command and control servers. By integrating this feature
into the endpoint, we can detect a compromise on or off the network, identify the specific
malicious file, and clean up the infection. This means better detection rates and less time
manually cleaning infected systems.

2] Sophos System Protector – the ‘brain’ of our updated endpoint agent. What it does
is correlate information from the Malicious Traffic Detector and other components to
identify threats that might not be deemed ‘bad’ by any one component on its own. The
result is better protection against advanced threats and fewer false positives.

Coming soon:
Encryption will also come to Sophos Cloud in 2015, and with it the ability to use
encryption in conjunction with our endpoint and mobile products for preventing, detecting
and remediating threats. Within the endpoint agent, we’ll also be adding additional
components in 2015 to enhance our customers’ ability to protect, identify and counter
previously unknown or ‘zero day’ threats.

A Sophos Whitepaper: We’ve got the UK covered. Be Better Together 8

 “
“
Sophos in action

“With Sophos, our platform is now ideal for PSN compliance,

even when it evolves over time. We have no regrets.”
Nigel Swan, IT Technical Services Manager, Rushmoor Borough Council

The customer
Formed in 1974, Rushmoor Borough Council
is a Local Government District and Borough
in Hampshire.

The challenge of PSN compliance

The introduction of PSN in 2008 has meant higher standards and stricter security
compliances for Local Authorities to adhere to. For Rushmoor Borough Council – having
already chosen Sophos in 2002 – there was confidence that the capabilities were already
in place to avoid the risk of suspension, meet any changes to the Government’s annual
security criteria, and ensure comprehensive data protection.

The technology
Rushmoor switched its perimeter firewall solution to Sophos in 2014. This followed
intensive research that compared it with Palo Alto and WatchGuard, using Gartner’s Magic
Quadrant together with onsite testing and analysis.
Having already chosen Sophos for desktop firewall security, Sophos PureMessage for
email protection, Sophos SafeGuard Encryption to protect data moving from A to B to
C, and Sophos Mobile Control to protect devices working remotely, Rushmoor was in a

“
good position to further integrate security solutions. The Council’s IT Technical Services

“
Manager, Nigel Swan, has worked closely with the Sophos team ever since in order to
meet the strict Government regulations.

“The scale of PSN compliance cannot be underestimated. It’s

no longer a ‘should’ it’s a ‘must’. Decision making has been
removed from councils and we absolutely must comply.”
Nigel Swan, IT Technical Services Manager, Rushmoor Borough Council

A Sophos Whitepaper: We’ve got the UK covered. Be Better Together 9

The results
The main business benefit for Nigel and his team is the PSN compliance expertise
at Sophos. This helps them to meet crucial regulations and avoid the risk of being
disconnected by Government.

Other benefits include:

Transparency
The Sophos solutions are invisible to the Council’s 350 internal customers. Instead, with
the role-based alerting system in place, IT can resolve any problem before users are even
aware of it.

Data compliance
Sophos Mobile Control and Sophos Safeguard Encryption prevent against data loss and
provide reassurance to those working in the field or from home.

Value for money

Rushmoor now has more security equipment than before but has been able to keep costs
relatively low compared with other vendors such
as Palo Alto or WatchGuard.

10-15% time savings each week

Reduced complexities, reduced administrative overheads, faster updates, automation,
central management and greater product integration has all contributed to significant
weekly time savings.

“
“
“We feel we have a solid foundation to move forward –
encompassing a refined and much-improved infrastructure.”
Nigel Swan, IT Technical Services Manager, Rushmoor Borough Council

A Sophos Whitepaper: We’ve got the UK covered. Be Better Together 10

Be Better Together
If you’d like more information on how our solutions could
work in your environment, why not get in touch?

You can contact us on:

+44 (0)1235 465942
governmentteam@sophos.com
Or visit: Sophos.com/BeBetterTogether

A Sophos Whitepaper: We’ve got the UK covered. Be Better Together 11