TL, DR: Azure Express Route — Firewalls in, one circuit up and one to go, and here we come Cloud Migrations.
Click here for previous weeknotes s01e26.
Who did you talk to outside your organisation?
A mix of meetings this week with multiple vendors to ensure our Azure Express Route was configured with new Firewalls in situ this week.
- Various catch ups through out the week with our Account Manager at Virgin around delivery timescales to complete some outstanding tasks for our new Azure Express Route. Despite acknowledging that they had dropped the ball with one of our circuits, the escalations only led to just in time timescales, which were heavily caveated and therefore not solid enough for us to plan around and stick to the planned cloud migration schedule. Pre-req for migrations is to have both primary and back network circuits working and tested before we migrate live services into Azure. This has put us back by a week.
- Few project team meetings this week with Maintel and Phoenix around Azure Express Route Firewall implementation and configuration.
- Product demo with Meta Compliance and this time with a wider KGH/NGH Group audience for a Cyber Security eLearning platform along with a policy compliance toolset for our service users. I am really keen on this, as I do not believe we do enough to educate the user base across the NHS as a whole. As we balance the cyber risk versus user experience, productivity and empowering our user base it is key in my opinion that cyber security awareness training is given the importance it needs. We need more than screensavers and emails campaigns, and yes we do need to make cyber training mandatory.
- BT Account catchup along with Mandy our IT Procurement Lead to progress scoping and costing of BT circuit relocation to a new on-prem Data Centre for HIP2 enabling works at KGH.
What would you have liked to do more of?
Started to review and score the security governance elements for procurement tender responses received for a new cloud based system being procured for the Finance dept. Literally ran out of time and steam by the end of the week to complete. Some of the responses took a bit of unpicking given how they had been carefully worded. Learnt a few things to feed into our requirements next time. Like ask the suppliers to detail their ODS code when asking if they currently submit an annual DSPT (Data Security Protection Toolkit) response and what standard they achieved from the outcomes possible:
- Standards not met ( Fail ),
- Standards not met with plan agreed ( Fail but there is assurance in place it will be met),
- Standards Met,
- Standards Exceeded (which means they’re hitting Cyber Essentials Plus Requirements)
its possible to search and verify if a supplier has submitted and view their results on the DSPT portal, click here for the link.
What do you wish you could have changed?
Missed out on a Presentation Skills Workshop ran by Andy Callow due to conflicting meetings in the diary. Heard feedback that it was a really good event. So kicking myself that I didn't clear the deck and made the time to attend. Was reminded this week that sometimes you need to just make the time for self development. Hoping there will be another opportunity.
What challenged me?
- Discovery project — we had a regroup this week to undertake some more scoping in what the next steps we should undertake to deliver a key security related function that goes hand in hand with new ways of working with our Office 365 offering. It has sat on the department’s backlog for a few years now and even though there was consensus that we should have this basic function in place there was hesitancy in standing this significant project up. Mainly due to the same challenge we face elsewhere. Eg. using constrained operational resources to deliver multiple projects whilst keeping the wheels on BAU activity. Made me reflect on other key items on our backlog which have not started for the same rationale and new things on the horizon coming at us that I know will challenge us in the same way. The work funnel needs further development, prioritisation, limiting work in progress, limiting the time something can remain on the backlog, maintaining a flow, and visibility of work… yup Agile/Kanban!
- A regroup with a clinical team around an Office 365 dependency we encountered a few weeks back in regards to how some particular spreadsheets with macros were being used. Exploring a few options to help the business unit make some decisions about how they operate going forward. Looking to meet with a supplier next week that may be able to help.
What did you enjoy?
Gaining some extra steps whilst standing at my desk… distributed working just got better and yes I did manage to do some walking whilst on some teams calls (without the video :D).
and of course it was Diwali or as Sikh’s know it and celebrate it Bandi Chorr Divas.
What did you achieve?
- Migration Wave Planning Session with Phoenix — more detailed planning for Wave 2 due to start mid-November.
- Ran through change documentation and process for Cloud migrations with the project team.
- Site Survey to scope infrastructure requirements for new HIP2 enabler Office earlier this week with Riner Rani and another potential for SD WAN. Requested connectivity budget costs from a supplier.
- Met with Information Governance colleagues to update on the DPiA (Data Protection Impact Analysis) for Cloud which we ran through a few weeks back and a follow on to detail considerations for Azure Virtual Desktop (AVD). Both received the green light to proceed, so all set for cloud migrations and an AVD pilot to commence.
- Azure Firewalls finally implemented although a bit touch and go and last minute configurations by Virgin Media on their Routers. We are now connected to our Azure Data Centre via our Express Route rather than the VPN service we had established back in April 2021 at the start of our Cloud journey. Disappointingly we can’t start migrating without the 2nd resilient link/router up and working and has resulted in a week’s delay to the scheduled server migrations to Azure Cloud.
- Scoping call with System C around relocating some of our local EPR infrastructure into a new on prem Data Centre as a part of our HIP2 enabling works. Will regroup in a couple of weeks hopefully to review their proposal and costs which will hopefully limit any downtime.
- The O365 Project Team has made some brilliant progress on Office 365 with 3700 users migrated to OneDrive. Progressed placing an order with Accenture for additional delegate permissions to complete the remaining 1000 or so One Drive migrations to complete. Fileshare migrations to SharePoint continue at a steady pace along with some AfE deployment and legacy Office removal from the Desktop estate.
What did you learn?
- The long awaited all user security groups now available on the NHSmail tenant. We have already submitted our request for this to be setup for KGH, and will enable a number of organisation wide use cases.
- Received my CISSP Official Study Guide in the post to start some self study ahead of attending a formal training course. Not going to be an easy one, but looking forward to getting into it and getting accredited.
What are you looking forward to next week?
- Azure Sentinel POC Deployment workshop.
- BCS Launch Workshop.
- Second circuit being made operational on our Azure Express Route.
- Cloud migration change walk through.
- Monthly Cyber Security Group meeting.