Secure Communication, Camden-style

by Egress
Published on 14th Jan 2013

London - January 2013 – The latest issue of Computing Magazine features an interview with Camden Council discussing their use of Egress Switch, the leading Government accredited email & file encryption service, to secure sensitive information shared with external third parties. What started as a single Council project has now been embraced by Local Authorities, NHS Trusts, Central Government agencies and the wider Public and Private Sector network.

Here are some of the article highlights.

The Initial Challenge
In 2007 Camden Council needed to find a secure way of sharing sensitive information with external third party personnel including social workers, police, volunteers, solicitors and agency workers. Everyone used different systems and the Council’s initial attempt to use an ad-hoc set of applications including WinZip and password protected Word attachments simply didn’t work.

“Quite often, the third party simply wouldn’t have the right versions of the technology at their end to open the documents and in some cases these were life and death situations. They had to get a message through so they would simply send it insecurely. That was the way it was happening,” explained Hilary Simpson, Head of ICT Business Partnering at Camden.

Camden also realised that they were spending approximately £40,000 a year on sending documents by registered post that were then getting lost or being sent to the wrong person.
Realising that this problem was not exclusive to Camden, John Jackson, CIO at Camden and his team began exploring the possibility of developing a shared solution through a now defunct forum called Capital Ambition. Sitting down with IT leaders from 17 other London councils, Jackson built up a picture of what was needed and began looking for a suitable solution, with a bias against “humongous, one-size-fits-all solutions”.

The Solution
The initiative was dubbed the Secure Communication with Third Parties Project (SC3P).

“We looked at eight products,” says Simpson. “The main requirement was that it had to be simple for council staff to use – we certainly didn’t want to have to send people away for training.

It was Egress Software Technologies’ cloud-based Switch solution that finally emerged as the best candidate. A policy-based gateway and desktop email encryption service, Switch plugs directly into existing email solutions and is operable via nothing more than a drop-down menu. It was the “one click” approach Jackson and Simpson had been dreaming of. Another key attraction was the service’s “follow the data” audit feature, which would make investigating any accidental losses or breaches a relatively straightforward task.

The SC3P team was also drawn by the fact that Switch does not require client software to maintain its encryption code.

“The real innovation here was giving the recipients free access to the emails sent, and making them able to respond to them,” says Jackson.

All 17 London boroughs adopted the service.

The Egress Trust Network – The next Facebook?
After 13 more London boroughs joined the Network, SC3P and Egress decided it was time for the project to go national with a new name: the Trust Network.

According to Egress CEO Tony Pepper, the initiative’s success is largely down to the vision and drive of the Camden team. “They provided the framework, but now Wales is on board, Scotland is interested, and then immediately outside of London, Surrey’s licensed their entire council of over 8,500 users and Guildford’s done the same. And it’s all because of the work Camden did leading the broad London network.”

Jackson describes the spread of the Trust Network as being “like the early days of Facebook; when everyone realised it was there and it just… took off”.

The Trust Network versus the Public Services Network 
The Trust Network’s success contrasts with the rather more sedate progress being made by the government’s Public Services Network (PSN).

“The PSN has nowhere near the take-up,” says Jackson. “I don’t want to ‘diss’ the central government initiative, but in a sense what is happening is we’ve seen a speed [with Switch] of execution and scale.”

“This contrasts with some of the big suppliers in local government, who won’t move without a purchase order or change a line of code without a £25,000 development fee, which is quite typical in some cases for even minor changes,” adds Simpson.

Egress Switch – Delivering the true Cloud
Jackson says the project has caused him to see the Cloud in a new light.

“I’m slightly cynical about the hype around cloud,” he says. “I always think it’s just another word for outsourcing really, but I think what’s interesting with Egress is it’s delivering what I’d call the true Cloud – a capability we can plug into existing infrastructures and make it work correctly.

“Just a drop down bar in our email system, and – bam – it’s gone. So it’s bringing cloud capability in without having to move your entire hosting environment to, say, Capgemini. It really is flexible and does what it says on the tin.”

Over the next 12-18 months, Pepper hopes to see “every single local authority in England, Scotland and Wales using the product to share with third parties”.

Article author – Peter Gothard

About Egress

As advanced persistent threats continue to evolve, we recognize that people are the biggest risk to organizations’ security and are most vulnerable when using email.

Egress is the only cloud email security platform to continuously assess human risk and dynamically adapt policy controls, preparing customers to defend against advanced phishing attacks and outbound data breaches before they happen. Leveraging contextual machine learning and neural networks, with seamless integration using cloud-native API architecture, Egress provides enhanced email protection, deep visibility into human risk, and instant time to value.

Trusted by the world’s biggest brands, Egress has offices in London, Sheffield, Cheltenham, New York, Boston, and Toronto. In April 2024 KnowBe4, the provider of the largest security awareness training and simulated phishing platform, entered into a definitive agreement to acquire Egress.