How the UK MoJ achieved secure networks for prisons and offices with Palo Alto Networks

When it comes to digital transformation, there are few organizations that face the unique challenges of the UK’s Ministry of Justice (MoJ)

The MoJ operates around 1,200 sites, across which 96,000 civil servants and 6,500 contractors work, with this number changing all the time. But to make matters even more complex, it also provides network services to the UK’s prison population – handling the laptops, Wi-Fi, and more for 87,000 prisoners.

It’s uniquely difficult to deliver such a wide range of services and online environments. Prisoners require secure, digital and educational services, staff including prison officers need secure access to corporate networks, and on top of it all the MoJ is responsible for cloud application services for UK citizens involved in the justice system.

“If you’re unlucky, anyone could be our client, so to speak,” says Tom Churnside, head of network architecture at the Ministry of Justice UK. “There are things from legal aid to compensation, and so on – it really is a very diverse set of users.”

Three to four years ago, the MoJ worked with several managed service providers (MSPs) delivering its WAN, LAN, and secure edge, alongside a legacy MPLS network.

Nava Ramanan, deputy director, Digital Infrastructure & Security Operations at the Ministry of Justice UK tells ITPro this was hugely inefficient,

“In some sites you may find multiple sets of network connectivity, costing taxpayers,” he says, adding that it reduces visibility for security teams.

Churnside explains that in the past, different physical infrastructure was used within prisons depending on one’s use case, which proved inefficient, costly, and incredibly hard to control.

Driven by this need to move away from its legacy approach toward secure access service edge (SASE) and a zero trust approach, the MoJ issued an invitation to tender which was won by Palo Alto Networks.

A chief aim of the MoJ’s digital transformation with Palo Alto Networks has been to make the user experience better while improving IT security and this required Ramanan’s team to maintain the same level of logical separation while dropping the need for redundant hardware.

In collaboration with Palo Alto Networks, the MoJ has now moved its networking config to a single cloud platform, improving its visibility, reducing complexity, and speeding up its deployment capabilities.

The MoJ’s entire user estate including mobile devices is now also, explains Churnside, connected to the cloud via Palo Alto Networks’ Prisma Cloud. This means its users can connect to the organizational systems remotely.

Over the past two years, the MoJ has expanded the service across 250 to 280 sites, accelerated by its new cloud-based approach. This is no small feat, as Ramanan explains.

“So for example, if you want to roll out Wi-Fi into prisons you can think about the width of the prison walls, how the Wi-Fi signals would penetrate,” he says. “So you need to put more access points that's another thing.”

Churnside adds that operating and expanding networks across prisons comes with unpredictable issues, such as the need for additional staff to escort network engineers seeking to install cables around sites.

Facing down cyber threats

So when it comes to zero trust, it's not just about networks, it's about endpoints, it’s about cloud, it’s about application security,” says Ramanan.

He tells ITPro that the MoJ has also consolidated its SIEM solutions, meaning it now has a single pane of glass view of its security operations.

As a government department, the MoJ is under constant threat from cyber attacks, both from state-sponsored threat actors. But across its sprawling estate, it also faces a challenge that other government departments do not: concerted, internal threats from its prison population.

“We’re different, we have a target on our fronts as well because half of our users are prisoners with a lot of time and some of them are in prisoners for cyber crime, some of them are very advanced,” Churnside explains.

He adds that the stakes for successful breaches are high, as prisoners could be attempting to contact previous victims or obtain court information.

Ramanan adds there have been “a number of attempts” by prisoners to carry out cyber attacks in the past, underlining the need for the MoJ’s capable security operations center (SOC).

Ramanan says that in light of this, ensuring systems that are deployed into prisons must have complex layers of defense including WiFi controls and firewalls and that the MoJ’s readiness to respond to cyber incidents is high.

As part of its digital transformation, the MoJ also had to deploy new laptops for prisoners, on which specialized penetration testing has been carried out.

The MoJ’s SOC already processes 11 to 12 billion events per year, with lots of automation used for incident resolutions. It’s also preparing for greater internal generative AI uptake, using Palo Alto Networks’ AI Access Security to mitigate potential data threats associated with internal AI tool adoption.

“There are just so many events that the reality would be, if you didn't have an intelligent way of analyzing them all because now we have so much more visibility, you’d just be picking which ones to ignore – which is a position nobody wants to be in,” Churnside says.

For organizations looking to complete a similar journey, Ramanan stresses how important it is to get stakeholders involved and in the right mindset, as well as to plan user personas and requirements really well in advance.

“Keep things simple, keep it out of the box, do not customize it so you can’t upgrade,” he adds.