The world’s leading gardening charity has been part of the UK’s horticultural movement since 1804, providing education and green spaces for millions to visit and enjoy each year. Security is key during the pandemic to protecting their remote workforce and ensuring business continuity while remaining compliant
Industry: Charity Products: Application Security, Network Security
Since the charity was established in 1804 their workforce and sites have grown to include 1,000 full-time and 1,500 part-time employees and volunteers across six locations. With the RHS supporting some of the most well-known events in the horticultural calendar including the Chelsea Flower Show and Hampton Court Palace Flower Show, it’s important that IT security remains a priority.
Putting home working security first during the pandemic
At the height of the lockdown, RHS had to swiftly move 800 staff to the Citrix network to support remote working, facilitating this transition was crucial to ensuring business continuity. As the IT Operations & Service Delivery Manager Simon Cruse explains, “we’re really happy with how we’ve adapted the business and supported our staff, whilst our gardens were closed and hosting the widely popular Chelsea Flower Show as a virtual event.”
This rapid shift has put a strain on IT security resources and since the pandemic, they’ve seen a huge uptick in IT support requests from internal staff and external volunteers. Delivering high quality, and secure IT services to all stakeholders was paramount to ensuring they have what they need to do their jobs, whilst keeping remote working security in front of mind to protect the business.
Creating a secure infrastructure for applications
The RHS security team have come a long way to improve security awareness in recent years. At the beginning, they conducted pen tests on their infrastructure and applications to highlight gaps and measure the effectiveness of their security program. With the support of Outpost24, they quickly realized they needed another set of eyes on top of the PCI scans and pen tests to provide continuous coverage as the threat level increases.
And since the IT security team were tasked with supporting in house development of up to 250 science, retail and finance web applications when the pandemic hits. It’s been important for them to identify all Internet-facing applications, on a continuous basis, to ensure they are audited and checked, as the charity moves their business and events online.
“We found a number of previously unknown applications through Outpost24’s discovery scan, and were able to test them for software vulnerabilities, with dynamic application security testing, to bring them in line with our stringent security processes.”
Simon Cruse, IT Operations & Service Delivery Manager
RHS is well aware of the dangers of data loss and hacking, so it was imperative to implement a robust vulnerability management process and get these shadow applications under control.
RHS uses vulnerability data from Outpost24’s security assessment tools to improve network asset visibility and continuously discovering security vulnerabilities that pose a risk to the charity. They use the real-time vulnerability data to prioritize their remediation efforts and improve efficiency as they have the insights to make better decisions and act more quickly.
“The vulnerability management tools from Outpost24 ensure we remain compliant and reduce our time to patch as we can pinpoint where our weaknesses lie and can fix these straight away to ensure our perimeter is always protected.”
Simon continues, “Since using Outpost24 solutions we’ve seen a vast improvement in our security processes and posture. I love the scanning less scanning feature as I have more visibility and decreases the overall exposure window for attacks. It delivers excellent value for money and ensures breaches don’t happen and our reputation is protected.”
Simplifying PCI compliance
Like many other businesses, RHS must comply with UK regulators for PCI and they’ve benefitted from having automated compliance checks in place for auditing and simplified risk management. Simon explains, “Scale has helped minimize our web application vulnerabilities along our in-house development and provide the reassurance that we’re protected, and we have a well-managed system that’s secure. We use the reports to demonstrate results and prove this to other areas of the business.”
PCI compliance scanning from Outpost24 has also been essential in simplifying this process. "Our sites needed testing against the industry standards for OWASP Top 10 and being PCI compliant has helped prove how far we’ve come in terms of security within RHS in recent years as this used to be a very daunting task before we introduced Outpost24."
“Continuous vulnerability management and application security are key to our success. I recommend Outpost24 to anyone looking to gather valuable data of their attack surface. Being able to identify vulnerabilities automatically has been particularly beneficial in pandemic times and supports our growth into 2021 and beyond.”
Simon Cruse, IT Operations & Service Delivery Manager
Cyber resilience beyond Covid-19
RHS have faced many security hurdles this year from the Covid-19 pandemic, which affected their ability to grow the charity from events and parks revenue. The shift to remote working meant the team had to think on their feet and adapt in an agile way to facilitate the new normal. The team were able to quickly adapt and maintain a high level of security hygiene by having integrated vulnerability management from Outpost24 and promoting security awareness throughout the organization.
“We’ve grown up and having Outpost24 solutions enables us to have full visibility of our attack surface as we shift to remote working. Everyone has come to recognize security and the dangers of phishing and ransomware attacks. Outpost24 have saved us a great deal of time and money by helping us improve our security posture and shift to a hybrid cloud infrastructure in the future.”
Simon comments, “Continuous vulnerability management and application security are key to our success. I recommend Outpost24 to anyone looking to gather valuable data of their attack surface. Being able to identify vulnerabilities automatically has been particularly beneficial in pandemic times and supports our growth into 2021 and beyond.”