TL,DR: A week of Cyber, Reflections on our Cloud Journey so far and progressing Office 365
[W/C: 30/08/2021] Short 4 day bank holiday week.
Who did you talk to outside your organisation?
Phoenix — Reviewed the statement of works together for a full pilot deployment for Azure Sentinel (SIEM solution). Once signed off it will be submitted to Microsoft for ECIF funding of up to 10k which will cover the cost of the pilot. This work will build on the previous smaller pilot that was for a limited number of hosts, whereas this deployment will cover all of our on-prem /cloud server estate along with ingesting security log data from other security appliances such as our Firewalls. Ideally we want this to cover our Office 365 estate also. However this is more challenging as this environment is on the NHSmail/N365 central tenant. If we can get an API feed into our own deployment of Sentinel it could work. Sentinel for N365 is on the roadmap however no timeframes associated yet. Will need to reach out to colleagues at NHS Digital to see what will be possible.
Will be signing off on the SOW next week ready for submission following any opportunity for internal review/feedback.
What would you have liked to do more of?
Had a brief look at some procurement specification documents for a system that we are due to go out to tender for soon with Mandy our IT Procurement Specialist. Currently reviewing the cyber security and infrastructure requirements. Unfortunately didn’t get as much time as needed to complete this work. Agreed to look at this next week in more detail.
What do you wish you could have changed?
Was hoping to get our cyber security bids submitted this week to NHSD/X in time for the first round of capital funding which will be accepting bids until December 2021 and need to be spent by the end of March 2022. However, the pre-req requirements had changed and we now needed to detail endorsements from the NHSEI Regional Office and NHS Digital Data Security Centre (DSC) Regional Security Lead prior to submission. Our regional point of contact is on leave, so will need to reach out wider to progress this dialogue.
What challenged me?
- Some expected challenge of meeting deadlines this week. I had two papers to write/contribute towards in order to provide both update and assurance to our Group Digital Hospital Committee (GDHC) around cloud migration and cyber security. With a head start on the Cloud migration programme update which needed a tweaks around what has been achieved and what is yet to come, I gave my focus to the cyber security paper. The cyber paper was a collaborative team effort across both hospitals within the our Group. It provided the opportunity to spend some time with Andrew Wapples (Cyber Security Manager, NGH) and Dan Howard (Digital Director, NGH) in producing our first combined Group Cyber Deep Dive Update Paper. Felt good that we had collectively done a good job and more importantly presented our first combined view of Cyber Security across the Group and is being taken seriously at a senior level in the organisation. We had some great feedback following a pre-submission review of papers. Hoping we continue to get the opportunity to present the cyber security agenda at a Group level.
- Other ongoing challenges — having thought we had achieved a milestone in receiving an Office 365 compatible working EPR client a few weeks back, defeat was snatched from the jaws of victory when we encountered issues with printing in a few areas, a significant setback. Genuinely, wish I was surprised when receiving this news. It has been a painful journey with the supplier. Which means we are at a standstill again with regards to deploying Office 365 out into clinical areas until resolved.
What did you learn?
I have started to attend the NHSmail weekly webinars more regularly. Some interesting items came up this week around licence re-allocation when users leave an organisation. In a bold new world of NHSmail collaboration, permissions and access as expected follow you around. With this come the challenges of adjusting current email focused processes/practices to better reflect the changes O365 is bringing. NHSmail accounts now have more than just email permissions associated, eg Teams/Groups and going forward SharePoint Fileshares. Licencing on the NHSmail admin portal are assigned by adding user accounts to licencing policies locally and thus this is how AfE licences are assigned to users.
On the webinar I learnt NHSmail leaver user accounts have to have their associated licencing policies removed (along with other O365 access) prior to them being marked as a leaver, otherwise that licence cannot be re-used until the account is deleted some 6 months on after the retention period has elapsed. Alternative being we have to re-enable and do it the right way, but the retention period clock starts again from zero! This licence can only be reallocated once in a 90 day period, not that great if you have someone come and go within that time frame, which does happen with locum and bank staff on a regular basis. However this is a Microsoft constraint rather than an NHSmail one. Few other points I took away was to re-enforce our OneDrive comms and training to our end users around managing and cleaning up storage. Unlike SharePoint storage which is pooled across the organisation, OneDrive data is not it is only available to the user it is assigned to. As a standard user of NHSmail you receive 2Gb of storage. How you manage this is key, as it’s also subject to 6 months of data retention which counts towards your 2Gb limit. If you wait to hit your limit before clean up you could be waiting 6 months to add anything new until the data retention period is over and finally deleted. So the advice is simple… clean up as you go along, little but often…
- SharePoint Online: Total pooled SharePoint Online data for the Organisation = (No. Of users X 2Gb) + Data Top up licences
- OneDrive: Total Storage = 2Gb — (6 month data retention of deleted files/folders) + (Optional Data Bolt On)
Will need to review our current NHSmail processes with operational team leads to augment with these additional steps.
What did you enjoy?
- I enjoyed some retrospective reflection time when pulling together the cloud migration programme paper for GDHC. The time out to produce it made me think about how much we have achieved and what still lies ahead. No doubt our cloud journey has accelerated on speed, and an exciting migration period ahead when they start up again in November 2021. This is still just the tip of the iceberg in delivering on our Cloud first policy. Was great to see NGH ready to present their aligned Cloud First policy at GDHC next week also. The stream of possibilities for collaboration across our Group of Hospitals and wider utilising cloud are almost endless, we need more group level discussions to ensure our respective journey to the cloud is one where it’s heading towards convergence rather than separate entities in the cloud.
- Caught up with Emily Wright post Office 365 Workshop last week. We compared notes and checked off where we think the programme has got to and especially in light of some key decisions and lines of direction set at the workshop. Agreed which follow on focus workshops we needed and in particular the outputs. The Office 365 war room on-site is taking shape. We agreed that it would be our main hub point for the duration of the programme.
What did you achieve?
- FileShare migrations continued although still small numbers this week due to process redesign mentioned above. We have a couple of Office 365 project coordinators on board now which means activity has stepped up and we have 40+ fileshare migrations scheduled next week and look to ramp up further the week after. Fileshare migrations into SharePoint Online is a pre-requisite task before we fully migrate any of our E3/R Office 365 online users and remove previous legacy version of Office.
Ashley our fileshare migration lead, worked hard changing how we are approaching our Fileshare migrations into SharePoint online. Although now a longer migration process, the user experience of having one SharePoint Online collection to go to for fileshares is way better rather than multiple which is the way it was before. Another example of doing the hard work up front to make it simple! New approach will be used from next week hopefully.
- Completed customer survey to conclude the first initial Threat and Security Workshop and smaller Sentinel Pilot with Phoenix for which we had received 5k Microsoft funding. Looking forward to the wider 10k funded POC mentioned above. Initial report will be presented back later this month to a wider audience.
- Confirmed completion of our physical fibres for our Azure Express Route with Virgin and the last installation bits taking place next week. Next steps will be to enable the cloud overlay service to bring the express route into service. Needs to be aligned with Firewall timeline discussions to avoid paying for the Azure costs for the express route ahead of when it’s needed.
What are you looking forward to next week?
- Being onsite again next week for a face to face OneDrive Migration and Desktop Configuration Workshop next week with the wider technical project team. Looking to particularly focus on the desktop end user experience, in particular for E3/R Office 365 Online users.
- HIP2 — IT Enabling Infrastructure Workshop — first overview session with the wider IT team, to get everyone up to speed with what is happening with the new hospital rebuild plans, and the impact to current IT services and infrastructure. Look at the initial options and gather some views and consensus on how we approach the next steps.
- Azure Express Route Firewall meeting with Maintel and our local networking team to discuss low level design requirements, ahead of Firewall delivery still tentatively expected mid-October.
- Network Access Control workshop with Extreme Networks to look at how we can progress with migration away from the current NAC solution to ExtremeCloud A3 which is aimed to be an innovative Cloud-Managed Network Access Control (NAC) solution. It secures, manages, and controls all devices on the access layer of the network.
Last week’s weeknotes can be seen here