Call us

General Enquiries

0845 838 2050

Cloud Managed Services

for Defence Supply Chain Compliance

The Managed Service model for supply chain compliance is by no means a new concept, as defence sub-contractors can today acquire an ‘accredited’ laptop pre-configured to connect to MOD systems for an annual fee. However with the increased adoption of cloud technologies across defence, and the increasing maturity of cloud automation and security, combining the Device as a Service (DaaS) model with the appropriate use of cloud services has far wider potential. As compliance requirements for the relevant defence standard (DEFSTAN 05-138) flows down through the supply chain, proven cloud and DaaS infrastructure provides significant potential, both for SMEs needing a cost-effective and quick route to compliance, as well as defence authorities looking to reduce the complexity and overhead of assurance and supplier risk assessment.

Many industry sectors have seen an increase in the adoption of DaaS for consuming end user devices, including their supply, support and life-cycle management, delivering on the promise of allowing organisations to focus their scarce IT resource on core business activities. DaaS uptake has grown in parallel with organisations increasing their general use of cloud-based services. With today's maturity of cloud platform security, correctly configured and maintained cloud platforms can not only simplify compliance activities, but more importantly support informed risk management processes.

But just as cloud platforms need to be securely configured, monitored and maintained, so do the endpoints that access cloud services, and while DaaS may make endpoint management transparent, any deficiencies on the part of the DaaS provider may result not only in the costly disruption to dependent services, but in potential regulatory failings.

Fortunately, the endpoint security market is also maturing to make it easier for those that wish to, to configure end user devices to simplify both compliance and risk management. A recent project funded by NCSC referred to as CloudClient, demonstrated how robust health measurements could be applied to all software running on an endpoint device, with the corresponding health measurements used to control access to online services, ensuring devices are free of compromise before accessing sensitive systems.

Technology developed for CloudClient is now deployed across multiple UK Government and Defence organisations, and the project’s findings are reflected in the NCSC guidance on Zero Trust Networks, an approach now recommended if deploying new IT architectures where significant use of cloud technology is planned. With defence supply chain security and resilience frequently dependent on self-audit and self-certification across diverse organisations, the common use of proven standards and architectures within cloud and endpoint environments can significantly reduce the aggregation of risk.

Through its work with NCSC, Becrypt has evolved its Managed Service offerings to help organisations simplify the deployment of secure endpoint environments, and through cloud automation, replicate infrastructure and services with proven and compliant security configurations.

Building on the CloudClient project, Becrypt’s secure endpoint platform Paradox can be consumed with a DaaS model, inheriting accreditation and compliance evidence that extends from the endpoint device through to management infrastructure and processes. The DaaS offering referred to as Paradox Edge+, is Cyber Essentials Plus compliant, and may be combined with Becrypt’sEverything 365 Managed Service, providing a Microsoft Office and Azure configuration that has been independently validated as compliant with DEFSTAN 05-138.

Join our webinar to hear how our customers are successfully consuming Secure DaaS

For organisations looking to establish secure enclaves within their wider IT infrastructure, that offers secure office productivity and End User compute, Everything 365 provides an extremely cost effective and quick way to achieve a defence standard compliant capability, reducing in-house IT and security resource dependency, and ongoing costs.

Get in touch with Becrypt today

First name*

Last name*

Email address*

Phone number*

How can we help?*

By submitting your details you are agreeing that we may communicate with you about Becrypt.
I agree to receive marketing updates regarding relevant products and services from Becrypt. Please refer to our Privacy Policy for more information. You can unsubscribe at any time.