Thrive Homes is a Housing Association that owns and manages 5000 quality homes across Hertfordshire, Bedfordshire, Buckinghamshire and Oxfordshire. Their goal is to be a professional landlord creating quality homes where people enjoy living.
The Challenge
Thrive performs an essential public service by providing housing for those most in need and supporting local communities through a variety of social objectives. They are reliant on public trust and are responsible for securing vast amounts of data.
Thrive has invested heavily in security to help monitor its environment. Although the previous MSP improved its Cyber Security, Thrive’s IT department wanted to take this further through SOAR and by utilising DarkTrace, which the incumbent had no experience of. This spurred Thrive to search for a new provider with a more progressive security offering.
Thrive’s Head of IT, John Stenton, was looking for a partner to provide a constantly evolving security solution. The successful MSP needed to challenge the status quo and deliver strategic guidance to ensure Thrive’s security posture remained resilient, yet adaptable to future threats.
The chosen partner needed to take a holistic approach to security delivering:
- Security Strategy – analysing processes and procedures, updating policies and developing Thrive’s security maturity
- An advanced Security Operations Centre (SOC) for monitoring, detecting, alerting and recovery services
- Regular Data Security Reviews
- Employee awareness training
- Business Continuity and Disaster Recovery planning, reviews and testing
- IT Support and Management
“Our partnership is based on open communication and an alignment of vision. Conosco has exceeded all expectations in delivering a secure infrastructure. They do not accept the status quo, they understand that security is constantly evolving and are always looking for improvements. That’s where the vCISO service, really impressed me. Conosco’s team worked with me to identify the gaps and proactively develop our infrastructure to make us as secure as possible. The insights that the vCISO has given us help to ensure that our reputation is trusted and protected.”
John Stenton , Head of IT
The Solution
Following a tender process, Thrive Homes made the decision to move to Conosco. Having spoken with our CISO on numerous occasions, John saw a true alignment of vision and was positive that Conosco would help drive Thrive’s security initiatives and play a strategic role in allowing them to meet their goal of being security leaders in the housing sector.
Conosco also demonstrated a mature SOC capability and a strong understanding of Thrive’s current security tooling as well as a desire to help them maximise the value of their investments.
vCISO
Conosco was selected to lead Thrive’s security strategy providing a dedicated vCISO service. Working closely with John, the first task was to review all of Thrive’s processes, procedures and documentation ensuring everything was accurate and up to date. A risk assessment was also undertaken which covered every aspect of Thrive’s IT infrastructure. This highlighted the gaps in security and provided Thrive with a meticulous report detailing areas for improvement.
Conosco has since implemented a variety of services including, email monitoring, web filtering, EDR (Endpoint Detection and Response), user awareness training and other cyber monitoring projects. By securing the network edge, Thrive were in a strong position to enable the majority of its team to work remotely throughout the pandemic. These solutions along with the expertise and regular monitoring of the Security Operations Centre serve to combat data breaches and minimise risk.
Conosco’s vCISO team continues to undertake monthly reviews to assess risk factors and implement remedial solutions wherever possible. This ensures Thrive’s defences remain robust and continue to develop as new threats emerge.
The Outcomes
The vCISO service has delivered a clear view of the status of Thrive’s information and cyber security posture as well as progress towards improving its security maturity. As part of our ongoing commitment, Conosco provides monthly reviews to track progress and report on security instances. A recent report found that within one month, 22% of inbound emails for Thrive had been identified and rejected as they were unsafe. These reports enable Thrive to see the value in having a resilient infrastructure that is protected from data breaches
