gemserv digital transformation - eln) - events · gemserv gemserv digital transformation case...

Gemserv Digital Transformation Case Studies

Gemserv Digital TransformationCase Studies


THE INTERNET OF THINGS (IOT) CAN OFFER HUGE ADVANTAGES TO BUSINESSES WISHING TO EMBRACE DIGITAL TRANSFORMATION. WE HELP BUSINESSES SUCCEED USING IOT. MAXIMISING SUCCESS AND MINIMISING RISK.

Gemserv Digital Transformation Case StudiesGemserv

3

This brochure aims at highlighting services offered by Gemserv, through a collection of case studies. Our services range from solution and architecture design, security and privacy due-diligence, device assessments, to market research and competitive landscape reviews. Gemserv expertise in the emerging technologies space and digital transformation has led to a number of engagements across various sectors, such as Utilities, Critical National Infrastructure (CNI), Transportation, Health, Catapults and Government bodies.

The following case studies are some of our most recent engagements, through which we helped our clients achieve:

• Additional funding by demonstrating robust product assurance • Wide scale deployment • Strategic focus for further service expansion


CASE STUDIES4


5


VERV

Verv specialises in high-frequency disaggregation, machine learning and data analytics, with the purpose of making homes and buildings smarter and more efficient.

The Verv device is a mains-powered smart home hub that uses machine learning to perform device recognition, allowing the user to identify key appliances in the home and check running costs in real time. It supports fault prediction, home protection, financial calculations and environmental impact the more it learns your home.

It further uses patented Artificial Intelligence (AI) technology to analyse electricity data and appliance usage in the home straight from the mains to unlock unique insights and create new smart home experiences for consumers.

In addition, by incorporating blockchain technology into the hub, Verv enables peer-to-peer energy trading via a proprietary platform.

THE CHALLENGE

Over the last decade, the scale of cyberattacks have increased dramatically. The number of attack vectors enabled by the increasing internet facing interface points, coupled with the rapid development of the Internet of Things technology, have created the need for robust security to address increasing concerns amongst consumers and stay compliant against regulations and security best standards.

Securing the edge device and its associated services is a fundamental step that allows service providers to ensure they protect customer data, build trust, and maintain reputation.

Gemserv was able to offer expertise around securing the Verv device against security best practices and to best ensure compliance with existing and upcoming regulations, allowing Verv to strengthen their product roadmap.

OUR APPROACH

Based on the agreed scope, Gemserv conducted a comprehensive assessment, composed of two distinct phases:

• Evidence-based Assessment• Product Testing (Penetration Testing)

To complete phase one of the engagement, Gemserv gathered key information and supporting documentation required to the security characteristics of the solution. Collaborating closely with the team at Verv, we were able to identify the strengths and areas of improvement.

The second phase of the engagement was penetration testing the product. This is done to find security vulnerabilities that an attacker could exploit. The process involves gathering information and attacking the device through reverse engineering and hacking tools. Test areas include, hardware, software binaries, firmware, and communication interfaces.

A confidential report was provided clearly showing the status of each security objective, through a Red, Amber, Green (RAG) evaluation system.

As part of the process, Gemserv provided Verv with a list of mitigation actions and countermeasures that can serve as starting point to achieve full compliance against the Department for Digital, Culture, Media & Sport (DCMS) Code of practice.

6


EVERGREEN SMART POWER

Evergreen Smart Power’s Virtual Power Plant (VPP) provides services to Energy Suppliers and Energy Service Companies. The platform is a cloud-based distributed power plant that aggregates the capacities of heterogeneous Distributed Energy Resources (DERs) for the purposes of trading or selling power on the electricity market and offer a reliable mechanism to balance energy supply and demand.

The platform uses machine learning features to produce forecasts and predict behaviour to access load flexibility behind the meter in a more efficient way. By maintaining a picture of the aggregated near real time turn up/down capability of all loads in the portfolio, the platform allows end users and stakeholders to benefit from Demand Side Response (DSR) revenues and, at the same time, contribute to reducing greenhouse gas emissions.

THE CHALLENGE

Evergreen Smart Power incorporated in 2018, required an independent competitor landscape review to better understand the market and assist in improving the competitive position of their service offering, including the identification of potential partners.

The Energy Systems Catapult (ESC) appointed Gemserv to carry out a market research, leveraging on the expertise, knowledge, and insight that Gemserv can offer on the wider electricity market and its future developments.

OUR APPROACH

The initial step for carrying out an effective competitor landscape review is to define competitor and collaborator characteristics, based on their current and future solution offerings. By working closely with Evergreen, Gemserv could gain an in-depth understanding of Evergreen’s solution, and targeted market, along with insights on their business model and future developments.

This information allowed Gemserv to proceed to the next step, which included generating and applying a customised research questionnaire with the purpose of creating a thorough profile of every relevant participant in the supply chain.

Companies were reviewed both from a business and technology perspective, including collecting information such as a company’s investors, funding, distribution channel and market reach, as well as service characteristics and solutions provided.

To present a clear and easy-to-understand output, Gemserv produced a series of visuals. These included a value chain and supply chain mapping of the entities identified in relations to the energy market structure. In addition, a simple visual ranking of competitors in the form of a magic quadrant was provided, to map market leaders, challengers and companies with the potential to grow.

With the competitive information about the Energy participant landscape, Gemserv carried out an independent analysis of Evergreen. The reference framework assessed their Strengths, Weaknesses Opportunities and Threats (SWOT), to produce an objective SWOT analysis that provides a measure of their forward-looking performance.

7

Gemserv Digital Transformation Case StudiesGemserv Gemserv Digital Transformation Case Studies

7

Gemserv Gemserv Digital Transformation Case Studies

HOME ENERGY MANAGEMENT SYSTEM

As part of the Government’s Clean Growth Strategy, a commitment of up to £7.6 million was made to promote demonstrations of innovative energy demand side response (DSR) technologies to reduce energy use in peak times and provide flexibility to the energy system. Our client was chosen to participate in this competitive cohort due to its innovative home energy management system that can directly control a community of domestic battery systems using advanced algorithmic controls and its cloud platform, enabling their combined use for demand response services.

THE CHALLENGE

Our client realised that the impact of deploying an insecure product into thousands of homes would be catastrophic and it was important to perform appropriate due-diligence when developing their connected product. Having multiple components meant that there was a variety of attack surfaces and appropriately securing them needed a holistic view. Implementing security by design into their device and associated services was vital to their product and success.

Gemserv was chosen as a trusted security partner based on our strong experience in securing and reducing risks of IoT solutions within energy sector initiatives such as Energy Systems Catapult and Energy Entrepreneurs Fund.

OUR APPROACH

Our client’s product is designed to be deployed in consumer homes and therefore the client identified that it would need to align with DCMS’s recommended Code of Practice and the newly formed ETSI TS 103 645 standard, in ensuring the product maintains secure characteristics such as, not using default passwords and storing credentials securely, implementing a vulnerability disclosure policy, minimising exposed attack surfaces, and ensuring software integrity. In addition, the process ensured alignment with best practice guidelines from leading security organisations such as IoTSF, GSMA, and OWASP.

We started by looking at the end to end system architecture to understand components in the Edge, Cloud and the interconnections between them. Together with our unique risk classification model, we assigned an assessment classification that is relevant to its intended use environment. The next step was to assess the gaps within those components and we used our comprehensive assessment checklist that examines core areas such as encryption, supply chain security, software update processes, business processes around data privacy and user documentation amongst others. This helped us and our client’s team to develop a clear understanding of areas where security can be enhanced. Our confidential report broke down key statistics of the assessment areas and their associated controls. In addition, an easy to follow prioritised mitigations list was provided as part of the remediation plan, which showed how implementing the proposed mitigations could help better align with DCMS’s Code of Practise to ensure our client’s product is secure by design.

8


PRESCIENCE

Presciense Ltd is an innovative end-to-end secure solutions provider working with utilities and service providers aiming to bridge smart energy management and home automation through their award winning scalable, integrated IoT platform.

To aggregate, monitor and analyse smart energy and home data, Presciense provides a fully-featured energy platform as a service solution that includes a range of home gateways capable of edge processing that connects smart devices including utility meters, thermostats, smart plugs, appliances, sensors and distributed energy resources.

THE CHALLENGE

The security of internet connected devices can no longer be considered optional and therefore manufacturers, service providers and consumers are looking for ways to ensure the devices they produce and purchase follow security best practices. Consumers are concerned that hackers will control their IoT devices, steal data or breach their privacy. Service providers need to ensure their network is secured to protect customer data, build trust and maintain reputation. Manufacturers realise the need to remain compliant with legal and regulatory obligations by ensuring their device has considered security by design and that best practices were followed. Presciense conducted an internal risk assessment of their Polaris Device that highlighted a need to have an assurance by getting the device assessed by a competent, independent third party.

Presciense appointed Gemserv to conduct the assessment on their Polaris device, due to our significant expertise in information security, data privacy and the IoT to understand the devices security posture and its compliance against the DCMS code of practice and other emerging regulations.

OUR APPROACH

To achieve this, we used our comprehensive Device Assessment Framework (based on industry best practice and the DCMS Code of Practice). We started by assessing the risks to the confidentiality, integrity of data and availability of the device, through our Device and Impact classification process. This resulted in an assessment class which helped us draw a detailed set of controls from key security areas such as software updates, encryption, supply chain security, hardware security and business processes that are relevant for the device type, its function and intended use environment.

A confidential report was produced clearly showing the status of each security objective. To supplement this an array of visually comprehensive charts showing status of controls were generated providing a high-level overview of their assessment status.

In addition to this, a list of mitigation actions was produced after assessing the likelihood of the vulnerabilities being exploited and the impact this could have in its current use environment. Putting this through a risk management framework allowed these mitigations to be prioritised, enabling the client to channel their efforts and resources in a way that is efficient and balance their return on investment.

9


GOVERNMENT OF JERSEY

The Government of the island of Jersey (GoJ) is responsible for the management of the island’s public services. The vision of the GoJ is to transform from its current multi-departmental structure to a more streamlined organisation (One Government), be customer focused, and deliver the best possible public service. This began with a digital transformation programme towards eGovernment (eGov) to provide services to their citizens via digital channels – the e-Gov Programme. To achieve this, ASE (a Gemserv company) was engaged to establish a Design Authority to support transformational change and apply this capability to deliver a number of enhanced services aligned to the overall vision and strategic direction of GoJ.

THE CHALLENGE

Prior to 2016, there was no Design Authority capability within the GoJ, and neither mechanisms nor governance to ensure Government services were designed within a common framework, aligned to a strategic direction. The broad aims of the Design Authority were to build target architecture models that will result in structured discussions and optimal decision making, build governance frameworks, and increase the pace of change. The Design Authority was to be designed to include the following dimensions:

• Service Design, i.e. Business Architecture • Information and Data Management • Applications and Systems • Technology • Cyber Security

OUR APPROACH

While primarily focussed on provision of digital services, our approach has been to instil common disciplines across the GoJ and focus attention on other necessary activities across people, process and technology. ASE has provided a fully embedded Design Authority function within GoJ with a set of principles, architectures and rules for redesign of services to maintain alignment between the business and technology elements. The Design Authority operates in the following way:

ASE’s key deliverable was a holistic view to enterprise architecture in a multidimensional way, that provides support to projects, governs project designs and creates architectural artefacts that align across and within departmental projects to the organisation as a whole. ASE has delivered a set of architectural artefacts, including reference architecture, security, application and technology architecture, customer-centric maps, standards, principles and guidelines that have been adopted across the GoJ, and now form the basis for establishing baseline for all key procurements.

DESIGN AUTHORITY

Supporting transformational

change

InnovationProportionate,

robust and effective governance

Enhancing architectural sustainability

Aligning with ISD digital

transformation

10


MAKING THINGS THAT MATTER WORK BETTER FOR EVERYONE.

OUR VALUES

INNOVATIVE We challenge convention, bring fresh ideas, embracing diversity and change.

INSIGHTFUL We apply our trusted and unrivalled skills, knowledge and experience.

COLLABORATIVE We listen and inform, working together with honesty and respect.

IMPACTFUL We are passionate about making a difference, taking personal ownership for delivery excellence.

Tackle today’s social and environmental

challenges.

Improve and simplify the way markets work through our extensive

sector expertise

Harness the power of digital transformation

WITH OUR CLIENTS, WE:

OUR PURPOSE:

Ensure data is protected and used ethically

11

Gemserv Digital Transformation Case StudiesGemserv Gemserv Digital Transformation Case Studies

11

Gemserv Gemserv Digital Transformation Case Studies

WE ARE AN EXPERT PROVIDER OF PROFESSIONAL SERVICES IN A WORLD DRIVEN BY DATA AND TECHNOLOGY. OUR CAPABILITIES INCLUDE:

SCHEME MANAGEMENTOperating national schemes on behalf of industry and government

REGULATORYGovernance, assurance and market design.

CONSULTANCYSpecialist technical and other advisory services.

PROGRAMME & PROJECT MANAGEMENTContract management and project implementation.

PROCUREMENT & COMMERCIALRunning large scale public and private procurements, supply chain support and commercial advice.

DIGITAL TRANSFORMATIONIT, IoT and technology integration services.

DATA SERVICESCyber security, data protection, data privacy and ethics. Maintaining data availability, currency and quality.

STRATEGYFrom vision to action.

TESTING & ASSURANCEInteroperability, interchangeability and security.

12

ISO 9001

Contact Us

To get in touch with us contact us at:

E: [email protected]: +44 (0)20 7090 1091W: www.gemserv.com@gemservinfosec

London Office8 Fenchurch PlaceLondonEC3M 4AJCompany Reg. No: 4419878

Dublin OfficeFitzwilliam Hall Business CentreFitzwilliam PlaceDublin 2Ireland@gemservireland

GemservMaking things that matter work better for everyone.

gemserv digital transformation - eln) - events · gemserv gemserv digital transformation case...

Documents