AWS and CirrusHQ transform a Cyber-Attack into a positive outcome for Nottingham College.

Case study overview

About Nottingham College

Nottingham College is one of the largest further education and higher education colleges in the United Kingdom. Based in the city of Nottingham in England, it provides education and training from pre-entry through to university-degree level at its 10 centres in the city and around Nottinghamshire. 

The Challenge

Given the aging nature of their infrastructure, Nottingham College had started looking at key strategic milestones and solutions as they transitioned to their vision of ‘Cloud First’. During this review, the College repelled a cyber attack from an attacker attempting to encrypt data with ransomware. As their data was only being backed up to secure locations locally, they had to ensure their staff and student data couldn’t be encrypted by ransomware should further attacks occur. Therefore, Nottingham College, at pace, needed to create a Cloud backup of all their data and transform their disaster recovery process.

The Solution

In conjunction with AWS and CirrusHQ, within hours of the initial attack, data was being backed up to the AWS Cloud. In the following month, CirrusHQ provided enhanced hypercare support to the College as they transitioned to a transformed infrastructure landscape which put the College back in control. The College gained immutable backups: once written to the AWS Cloud, the data could not be modified and was read-only. Therefore, should any potential future cyber attack attempt to erase backup data, it would be thwarted. Further, the College gained the ability to restore from backup into the AWS Cloud, back to on-premises, or a hybrid of both. The College team now has a known solution in Veeam as the glue backing up data in all workloads to AWS, with a disaster recovery process and the ability to select preferred restoration locations.

Nottingham College gained the ability to save backups, which were immutable on AWS, with the flexibility to restore in situ, across various campuses, or on AWS. This resulted in maintaining integrity of the data and placed Nottingham College in a position of strength when in a disaster recovery situation.

The Benefits

Security confidence
More performant, robust and future-proofed security.

Security confidence
Immutability guarantees data archive integrity.

Robust business continuity
Tested and repeatable recovery process for minimal business impact.

Refined Cloud strategy
Security transformation verified a Cloud First strategy.

About APN Partner CirrusHQ and Amazon Web Services

Nottingham College was undertaking a large-scale review of its infrastructure landscape and, as part of due diligence, was looking at multiple Cloud vendors and key frameworks, including OCRE and OGVA. As a leading AWS Education Certified Partner, CirrusHQ were working in conjunction with AWS and the College to review their landscape when the cyber attack occurred.

“Working with CirrusHQ has been refreshing, not only do they possess expert level knowledge of the product, they are extremely customer centric, and that is a perfect combo.”
Mohammed Shiffa – IT Manager Infrastructure and Applications, Nottingham College

Next steps

The experience of the attack gave Nottingham College the ability to drive their IT strategy further forward with greater knowledge and security, and demonstrated that a Cloud First strategy is the right direction for the College.


 

Technical case study

Executive Summary:

Nottingham College were analysing their infrastructure estate and reviewing options from key suppliers to move towards a Cloud First strategy. However, during this process they fell victim to a cyber attack intended to deploy ransomware. Attacks on the public sector and on Education establishments have unfortunately become commonplace, with warnings from NCC Group and Government. Once this attack was successfully mitigated, the College responded at pace, in conjunction with AWS and CirrusHQ, to move all their backups to AWS and transform their business continuity and disaster recovery process.

This transformation was made during a critical period in which CirrusHQ and AWS worked to move all backup data to AWS, into a secure, object-versioned, and therefore immutable location where it is safe from attack. In the process, restoration procedures were updated to give the College flexibility in the management and restoration of each workload.

The resilience to attack that Nottingham College now has gives the College an instant grounding on AWS and the ability to drive their original project forward with greater knowledge and security, and demonstrates that a Cloud First strategy is the right direction for the College.

Challenge:

Nottingham College was undertaking a large-scale review of its infrastructure landscape, understanding its complex legacy estate, capturing technical debt, and forming a strategic project to move to Cloud using Cloud First principles. As part of due diligence, the College was looking at multiple Cloud vendors and key frameworks, including OCRE and OGVA. Given the aging nature of the infrastructure, the project was looking at key strategic milestones and solutions to manage hybrid solutions as they transitioned to their vision of Cloud First.

While discussions were moving forward, Nottingham College was hit with a cyber attack. Fortunately, they were testing security systems at the time of the first attack and were able to repel it. However, that incident triggered alarm bells within the infrastructure team at the College: their data was only being backed up to secure locations locally, and they needed to ensure that data couldn’t be encrypted by ransomware should further attacks occur. Therefore, Nottingham College, at pace, needed to create a Cloud backup of all their data and transform their disaster recovery process.

Why CirrusHQ:

CirrusHQ specialise in AWS and hold the Education Competency at AWS. CirrusHQ were working in conjunction with AWS and the College to review their landscape, understanding business needs, and ensuring customer success on AWS.

Steps taken to transform Nottingham College’s Disaster Recovery:

Nottingham College contacted CirrusHQ within hours of the attack and agreed the following criteria:

  • Create an offsite solution for backing up all their data.
  • Ensure that data was immutable and safe from malicious encryption by ransomware.
  • Ensure that their data has a tested recovery process for all business continuity and disaster recovery situations, either on-premise or within AWS.

The benefit of this approach was to give Nottingham College the ability to save backups that were immutable on AWS, and the ability to restore in situ, at a different campus, or on AWS. This resulted in maintaining the integrity of the data and placed Nottingham College in a position of strength when in a disaster recovery situation through the recovery options available to them.

CirrusHQ started to build out the infrastructure on behalf of Nottingham College the same day by creating an AWS account and building out a landing zone with a secure Amazon S3 location and guardrails with AWS Config, all deployed as infrastructure as code with AWS CloudFormation.

The project was undertaken in two main phases. Phase 1 focused on getting the backups onto AWS. Phase 2 then updated key backup tooling to ensure Nottingham College had the right tools for managing backups and disaster recovery processes.

In phase one, CirrusHQ created the AWS infrastructure as shown in the diagram above.

CirrusHQ deployed AWS Storage Gateway, which gave Nottingham College a target location with the appearance of an on-premise file store, at which point they could start to copy their backups and get them onto AWS. The data was then encrypted in transit and at rest using Amazon S3 server-side encryption.

Within Amazon S3, object versioning was switched on. This ensured that even if the data was compromised or encrypted by ransomware, Amazon still had a protected replica of the data, and the bucket therefore became an immutable target for backups to safeguard Nottingham College’s data.
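To make the versioning behaviour described above concrete, here is an added example (not code from CirrusHQ or the College) that takes a listing shaped like an S3 ListObjectVersions response and works out, for every key touched after a known-good time, which earlier version to restore. The keys, version ids, timestamps, cutoff and the function name `plan_restore` are all invented for illustration.

```python
from datetime import datetime

def ts(text):
    """Parse an ISO 8601 timestamp that carries an explicit UTC offset."""
    return datetime.fromisoformat(text)

# Constructed sample in the shape of an S3 ListObjectVersions response.
# Keys, version ids and times are invented for this example.
SAMPLE = {
    "Versions": [
        {"Key": "backups/finance.vbk", "VersionId": "f1", "LastModified": ts("2024-06-01T01:00:00+00:00")},
        {"Key": "backups/finance.vbk", "VersionId": "f2", "LastModified": ts("2024-06-08T01:00:00+00:00")},
        # Overwrite after the cutoff, e.g. an encrypted copy of the file.
        {"Key": "backups/finance.vbk", "VersionId": "f3", "LastModified": ts("2024-06-10T03:20:00+00:00")},
        {"Key": "backups/students.vbk", "VersionId": "s1", "LastModified": ts("2024-06-07T01:00:00+00:00")},
        {"Key": "backups/hr.vbk", "VersionId": "h1", "LastModified": ts("2024-06-09T01:00:00+00:00")},
        # Object that first appears after the cutoff, e.g. a ransom note.
        {"Key": "backups/README_RESTORE.txt", "VersionId": "n1", "LastModified": ts("2024-06-10T03:30:00+00:00")},
    ],
    "DeleteMarkers": [
        # A delete on a versioned bucket only adds a marker; s1 is still stored.
        {"Key": "backups/students.vbk", "VersionId": "d1", "LastModified": ts("2024-06-10T03:25:00+00:00")},
    ],
}
CUTOFF = ts("2024-06-10T00:00:00+00:00")  # assumed last known-good moment

def plan_restore(listing, cutoff):
    """Map each key changed at or after `cutoff` to the version id that was
    current just before it, or None if the key did not exist at that time."""
    events = [(v["Key"], v["LastModified"], v["VersionId"]) for v in listing.get("Versions", [])]
    events += [(d["Key"], d["LastModified"], None) for d in listing.get("DeleteMarkers", [])]
    good, touched = {}, set()
    for key, when, version_id in sorted(events, key=lambda e: (e[0], e[1])):
        if when < cutoff:
            good[key] = version_id  # None when the last earlier event was a delete
        else:
            touched.add(key)
    return {key: good.get(key) for key in sorted(touched)}

if __name__ == "__main__":
    for key, version_id in plan_restore(SAMPLE, CUTOFF).items():
        print(key, "->", version_id or "no earlier version; remove")
```

The plan only works while the older versions still exist, so permission to delete object versions should be held by as few identities as possible.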

With constraints on how much data could be transferred, it became apparent within a day that an AWS Snowball device was needed. With our close partnership with AWS account teams, they managed to get a Snowball device to Nottingham College a day later. This gave the College two methods to move the backups to AWS. During this time both were utilised to ensure maximum efficiency and to keep the backups protected throughout.

Within the subsequent few days all backups and data were in AWS and protected, and restoration had been proven.

In phase 2, now that all backups were in AWS, a review of the costs and logs indicated that Veeam should play a more central role in the backup process from on-premise. Nottingham College already used Veeam, and with the native capabilities in Veeam Backup 11, the backups could be uploaded by Veeam itself to Amazon S3. The Veeam orchestration then replaced the AWS Storage Gateway service, which allowed Nottingham College to utilise a tool familiar to them. Veeam now also controls the management of backup processing, the lifecycle of immutable archives, and the reporting of success/failure of backups as before. The updated infrastructure is shown in the diagram below.

Within a month of the initial attack, all of Nottingham College’s data was backed up to AWS, any post-project hypercare had been removed, and a transformed infrastructure landscape had put the College back in control.

Results and Benefits:

The team effort between AWS, Nottingham College, and CirrusHQ ensured that a malicious attack was acted upon immediately, transforming a complex situation into a positive outcome for the College.

The College team now has a known solution in Veeam as the glue backing up data in all workloads to AWS. Using the orchestration capabilities that are familiar to them, they can now manage their business continuity and disaster recovery process and choose the restoration location the team prefers. It has significantly reduced the RTO and RPO times within the College and ensured that security non-functional requirements are further maintained to the highest standard. Using AWS and the infrastructure built by CirrusHQ, the College is in a position where they can be safeguarded from attacks of this nature again.

The wider impact has accelerated Nottingham College’s strategy, and narrowed the focus, yet completely validated their decision to move to a Cloud First approach.

Testimonial:

Mohammed Shiffa (IT Manager Infrastructure and Applications – Nottingham College):

“Working with CirrusHQ has been refreshing, not only do they possess expert level knowledge of the product, they are extremely customer centric, and that is a perfect combo”

About CirrusHQ:

As an AWS Advanced Consultancy with 50+ staff certifications, we are 100% exclusively AWS cloud, which enables us to have broad and deep expertise on the platform. Customer Service is also critical to us, as our NPS score of +78 validates that we care about our customers and provide excellent service.