Oxford Computer Consultants (OCC) is an IT services company that sells a range of products to Local Authorities and Health Trusts. As a company, RestAssured will give us a competitive advantage by:
- Allowing us to host solutions less expensively
- Enabling us to answer tender questions better. This is both a matter of meeting minimum pass criteria as well as scoring as well as possible on each evaluated question
- Helping us complete Penetration Testing and ISO certification quicker. This also applies to meeting Cyber Essentials requirements
- Reducing the risk that a data breach will occur in one of our products (since this would damage our reputation and could potentially lead to legal action against OCC)
- Creating opportunities for consultancy services
Each of these potential exploitation opportunities is explored below:
Hosting Solution Costs
RestAssured uses Intel SGX hardware and partitioning of cloud services into parts that need secure (and thus more costly) computation vs. other parts. Thereby providing optimal use of resources, while delivering data protection and secure data processing. Hence, cloud offerings based on RestAssured technology can be offered in a secure and trustworthy way, while keeping resource usage and thus costs at bay.
The commercial impact of this can easily be measured. Our average annual hosting costs for each client application are in the order of €20,000 per annum. We host just over 80 sites. Therefore, even a 10% saving would represent a cost saving of €160,000.
No current services for the management of social care contain the privacy assurance for citizens managing their own social and health services that RestAssured offers. This will become more prominent with the roll out of the self-service portals and citizens take a more direct role.
RestAssured enables us to provide state-of-the-art responses to these requirements which will play a crucial part in winning contracts against UK and international competitors. Given that we are frequently competing against large corporates such as Oracle, having demonstrable technology solutions to risks is important.
Certification, Compliance and Risk Management
As a company, OCC maintains certified ISO 27001 compliance as well as pen testing all products. We are also working towards compliance with Cyber Essentials. Whilst pen testing evaluates the compliance of our software products, ISO 27001 evaluates OCC methodologies for risk and security management.
RestAssured Model-based engineering methodology provides a true risk-based approach to threat identification that aligns with ISO 27001. Compliance with ISO 27001 is an important overhead cost for OCC and the RestAssured methodology provides a more rational, cost-effective use of security to identify, reduce or mitigate risks than the current goal-based approaches.
Using the Model-based engineering methodology developed in RestAssured, we are able to run models for capturing multi-stakeholder cloud systems and their security concerns. By the end of the project, we plan to have example of these models that we can use and adapt for different customers. This will reduce the possibility of OCC failing to identify and model application risks and will provide valuable evidence that a ‘due process’ was followed in our project work.
Opportunities for Consultancy Services
OCC plan to further exploit the project results from RestAssured by offering consultancy services to new or existing clients. The project results can be used directly as case studies to demonstrate the project concepts and software working in real scenarios to engage and introduce clients to project work. This presents opportunities to sell additional customisation and integration of these tools, or consultancy advice and knowledge gained through the project work. This consultancy model is being used successfully for other H2020 projects, for example OPERANDO, where RestAssured results will add to the credibility of the current offering to clients.
Innovative SME’s have expressed strong interest in consultancy services. RestAssured establishes OCC as a supplier of specialized privacy software development services and connection into European networks concerned with European privacy.