PTaaS use case: Housing Associations
The Situation:
We were engaged by a large housing association, who have been busy developing and growing their infrastructure from a purely on premise resource to a hybrid mix of on premise and cloud services, to provide an overview of its resilience to both external and internal compromise. There were a number of motives for establishing a greater understanding of their security risks:
- Protection of tenant data
- Securing of funding for growth
- Compliance and accreditation mandates set for them as a publicly funded organisation
- Securing cyber insurance
The Challenge:
Given the large volume of IPs involved we needed to prioritise and structure the activity based on perceived severity. To make the outputs more easily digestible by the client, we reviewed each type of IP, (internal/internal cloud/external/external cloud) and broke the tests down into more compact components in agreement with the association itself.
What Amicis Did:
We then executed and reported each test separately. Importantly, though, we also provided a summary issue analysis for the association highlighting where the same issue was identified in each separate test to aid their remediation efforts, enabling them to address specific issues across multiple environments at the same time.
The Outcome:
The testing provided a consistent starting point from which the association was able to plan a programme of work to increase its resilience across the entirety of its on premise and cloud estates. Most importantly, however, the association gained a clear understanding of the risks it is exposed to today, their severity and what needs actioning to address them.
They are now well placed to achieve their Cyber Essentials and Cyber Essentials Plus certifications before the end of 2023, which Amicis will also support them through, with a significant amount of the work already achieved via this testing activity. Finally, they have what they require with important roadmap items established, including mandates for their cyber insurance policy options.
If you work in the Social Housing sector, considering the use of penetration testing to enable other business activities, or struggling to secure a cyber insurance policy for your organisation, reach out to Amicis at hello@amicisgroup.co.uk or click here for a conversation on any number of these matters and how we’ve helped those who find themselves in these situations.
