Cancer Research 'needs to convince security staff' of public cloud plans

One of the UK's largest charities, Cancer Research, is in the process of developing a comprehensive public cloud strategy for bursts in capacity on public facing websites, but was concerned that it still needs to convince its internal security staff that it's viable.

Jane Swindle, information systems (IS) manager at the charity, spoke to Computerworld UK about its imminent plans to put select infrastructure into the cloud.

"We are always interested in things that could potentially save us money. One big area of interest for us is infrastructure that we could either burst out or actually run from the public cloud," said Swindle.

She added: "So some of our public facing websites we host in a traditional environment -- and with this comes all sorts of costs. We could reduce these considerably if we were to run them ourselves, but on someone else's infrastructure."

"If we did this, we wouldn't have the problem that we currently have where we have to contract infrastructure for peaks in demand. We want to move to a pay-as-you-go model."

Swindle hopes to deploy such a solution for the Race to Life campaign, which has a race season once a year and then "lies dormant" for the remaining months. She said that Cancer Research needs to maintain a holding presence, but by using the public cloud it wouldn't have "peak infrastructure just sitting there".

Cancer Research's infrastructure development team is currently looking at the options in the market, where it will be considering players with a "large presence", and hopes to have a final strategy by the end of the year. Swindle said the charity will move "swiftly" after that to make the move.

However, ICT security staff may prove a sticking point for the team's plans, as Swindle admits that they aren't entirely convinced of the move just yet.

"I think the biggest challenge is going to be our internal audit security people. Convincing them that it's the right thing to do and that all the security measures we need to put in place have been done correctly. People on that side of things don't seem to be moving as fast as the technology," said Swindle.

"I think in terms of functionality, there is always a technology solution out there. The problem is getting the security people to a place where they are happy for you to go and do it."

She added: "The challenge is convincing them that the way to do it is to educate the end-users, rather than anything to do with technology. You need to have an active education programme for your user base so that they are aware of the types of information, and what they can and can't do with that information."


Cancer Research began experimenting with cloud when it embarked on a consolidation project of its real estate in London -- where it moved eight offices into one central building. This began 18 months ago, and as part of the move it placed its entire infrastructure into a third-party co-location facility hosted by Interxion, where it has 99 percent of its estate virtualised.

In doing this it also set up a 1,200 user base Citrix XenDesktop environment, using Wyse T10 thin clients. This project is still progressing as it is upgrading to Citrix 5.6, from Citrix 4.0. Swindle explained that the technology has allowed the charity to make huge operational savings, which has been reinvested into research.

"To stay ahead of the curve we are moving to Citrix 5.6. Citrix 4.0 was all about one-to-one desktop provisioning, so every user would need to have an individual profile set up. Whereas, 5.6 gives you the ability to just have a gold image that can be deployed out to all users, rather than storing an image for every user you set up," she said.

"We saved a great deal of money on power and cooling because of the smaller devices, they use a third of the power of a desktop. In terms of the whole project, we have saved "1 million a year on the operational budget."

Cancer Research was also able to reduce its physical footprint after deploying the virtual desktop infrastructure, though this has not gone as far as Swindle would like.

"We had hoped to see great internal flexibility to reduce the footprint of our internal estate. However, the culture is a hard nut to crack. We were hoping that people would be more willing to share space than they actually are. A lot of people still want to have their own desk," she said.

"We were able to reduce the footprint by a quarter of a floor in March, which is about 125 desks. We now have two floors. If people we more flexible we could reduce that further, but I don't think we will be able to achieve that."

It was also revealed in January that Cancer Research has begun using a cloud-based fund raising platform that was made available to UK charities for the first time this year.

Convio TeamRaiser provides charities with a fully branded online platform that allows registration, online donations, real-time fundraising reporting, event management, email capability and social media integration. It is designed to maintain engagement with participants all in one easy-to-use package.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Derek du Preez

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place