Thursday, 20 April 2023

When Jokers Attack

As I have written about before in this blog, taking robust precautions to safeguard our systems and data is more essential than ever. That might be down to keeping staff clued up on their password hygiene, not giving user details away for the price of a Mars bar, or having robust penetration testing regimes and cybersecurity in place.

As an ICT director responsible for more than one local council, said to me before Christmas, its not about IF you will suffer a cyber attack, its really about WHEN that you need to reconcile yourself to. The extent of preparations prior, will determine how fast you will get back on your feet and how much it will all cost. A number of councils, the NHS and the UKs largest housing group have all fallen victim to attackers.

The latest victim last month was Capita.

The Guardian reported, “Capita admits customer data may have been breached during cyber-attack”, “Hack caused major outages for some clients including local councils and ‘potentially accessed public sector data ‘”. Full article here 

Capita runs a lot of outsourcing across the UK and public services, particularly local councils. There is no suggestion in the article, that hosted databases specifically for social housing customers were specifically part of the breach. However it illustrates the importance of where our data is stored and how secure it is. From the Guardian article, you can get the feeling that any ‘data in transit’ might have been more at risk than hosted solutions.

Putting it in perspective, the article states while only 4% of its IT systems were affected, Capita admitted that data was breached during the incident.

When procuring Cloud hosting, most contracts these days stipulate compliance to organisation and local authority guidelines. Commonly these include segregation of Cloud data and sometimes enhanced storage/access to blue-light service standards.

While I say ‘most’, I mean all of mine! In reality, I have come across quite a few hapless councils (& others) who have acquired Cloud solutions with the security profile of a big mature Swiss cheese. Some of these can be way worse in a security sense than traditional on-premise solutions, accessed behind relative safety of a Citrix farm.

Nobody can be complacent and if anything, Cloud hosting needs ever more imagination than ever to keep data safe. Good initial contract conditions are essential, regular checks (such as robust penetration testing, sample restores/extracts etc) and continued vigilance the way to go.

As Sergeant Phil Esterhaus's (Michael Conrad) morning roll call catchphrase in 'Hill Street Blues' used to go, “Let's be careful out there”.

Thursday, 6 April 2023


I find these days, we are in a way different place with what councils, Housing Associations and charities etc, are looking for in integrated housing systems, (the classic HMS). Trends I am seeing are a look to offerings being cloud hosted, browser based and particularly a trend to seek to have ‘more eggs in one basket’. That's the foundation for the more sexy stuff, the chatbots , plumbers equipped with jet-packs and AI.

Days of the third-party contractor, DLO, Asset Management, Gas servicing/compliance Solution, CRM, seem ever more numbered and there is still a perception that integration is still a major gotcha. More of the newer HMS’s have better quality modules and integration less of a worry, if its all in the same application and database. Many sites are moving or have moved already away from Citrix farms, Terminal Services and looking after their own data centres.

On the Cloud and Browser question, it looks like that argument has already been had, done and dusted with a smaller number of suppliers monopolising the offerings. We know who they are, but there’s the one that was already in a browser, one rewritten totally from scratch, one retrofitted and everyone else promising or rushing to ‘catch up’. The new solutions (Ian and Simon, you know who I am thinking of) that have emerged in the last few years have all been designed as Cloud/browser from the start and slowly eating the lunch of some of the established players, particularly at the lower end of the market. You sometimes get a finance system thrown in too, if its useful to you.

Pretty much most recent procurements have gone to one of these, apart from some of the more adventurous organisations, selecting Salesforce or Microsoft D365. The policy allows some surety of having a platform with hopefully a 10 or 15 year life.Moving an established legacy HMS, to being browser based is no mean feat, as others have learned. £10m spent economically in Vietnam, Eastern Europe or India and perhaps 4+ years on, does not guarantee an instant winner.

Some of the main HMS players circa 2010 onwards, represented by their freebies

As we know, web based applications can work well on tablets etc out in the field, helping staff to be more mobile, capturing information as close to its source as possible. Variety of devices that can be used, is also attractive, in contrast to the way that laptops requiring Citrix connections, quickly become rests for A4 pads, with notes taken back to be re-typed into a system later, double entered.

With that backdrop, even with a significant customer base, it would be a brave supplier to look to buck the trend. So it was very surprising this week to hear of one of the larger suppliers, informing its customer base that it was pulling its replacement browser offering and concentrating resources on its legacy fat-client HMS product V4.

Due to ‘customer feedback’, Aareon UK are pulling their new replacement upgrade browser solution, (strap-line “QL Yuneo, it's all about YU and your future”). While many customers mid-term on contracts are not going anywhere soon, perhaps rolling annual term ones, may take this opportunity now to take stock. (as at May 2023, there were just two articles on their site, still referencing Yuneo )

Customers, Its all about YU 


Aareon do have operations in social housing across Europe and in theory could take a new tack and re-purpose a solution, more economically from perhaps Germany or Sweden. Regulation in each country is problematic however, even here in the UK, across England, Scotland & Wales. So customisation costs would likely be high. Alternatively, they could buy up one of the ‘young pretenders’ and re-badge. 

It will be interesting to see what happens next with this repositioning. Some procurement decisions might be revisited on the back of this. Its always surprising to me how little knowledge some landlords/providers have at times, on the current marketplace. Subscribe to our blog here on this link, to always catch the latest news on whats happening in the sector.

