Norwich Union - Securing Systems

Norwich Union is one of the largest insurance groups in the UK. They wished to add an expert system to their website that would allow their customers to get a high quality self diagnosis of medical conditions. Norwich Union turned to Expert-24 to provide a web based system that could provide a safe and reliable means of providing an e-consultation. Layer3 systems provided system and networking hardening to a very tight deadline, this saved the project from late delivery and saved £200,000 per month in lost revenue.

Project Requirements
The week before the system was to go live a security audit identified that there may be security issues with the Expert-24 hosting facility and concerns about the robustness of the server configuration. Norwich Union and Expert-24 needed an independent consultancy that could quickly test and analyse the whole configuration, making any urgently needed improvements as part of the process and to produce a detailed report to confirm the state of the system. All of the testing and analysis had to be carried out without impacting on the live system or disturbing the development team and their work. 

The Solution
Layer3 provided a team of 5 specialists, each capable of verifying specific areas of the whole system. The task was then broken into analysing the system architecture, network design and configuration, system configuration and system patching, systems administration and documentation. A separate group carried out penetration tests on the Internet facing aspects of the system. When analysis was completed any missing security features such as latest patches or administration detail such as recovery plan were created and added to the project. 

• Very fast response to problems. System delivered on time and to specification
• Complete analysis within 4 days without impact on delivery of product
• Independent verification of correctness of operational system
• Independent validation of security model
• Minor security or configuration concerns immediately repaired
• Major issues reviewed by clients for priority assessment
• High priority issues repaired or corrected before going live
• Lower priority issues cleared within 5 days of going live