UKHSA and BJSS Boost Security and Performance of Critical Health Services

Executive Summary

Teams from the United Kingdom Health Security Agency (UKHSA) collaborated with BJSS to bring its Test & Trace health services rapidly into Amazon Web Services (AWS) during the COVID-19 pandemic. The government agency, which already hosted many of its services in AWS, enlisted BJSS to build an environment to improve and enhance security, resiliency, and operational control and visibility of its services. In less than 2 months, UKHSA launched a solution that today hosts more than 90 workloads and more than 200 AWS accounts and scales to more than 25,000 users. UKHSA improved its agility to deploy secure services quickly that protect the health of the British population.

Striving to Deliver Quality Health Services to Great Britain

In summer 2020, the UK government needed to increase its oversight of the services it had rapidly deployed in response to the COVID-19 pandemic. These health solutions were siloed due to multiple suppliers implementing them, making it time consuming for UKHSA to carry out its mission to monitor their security, efficacy, and infrastructure spending.

Protecting users’ private data is critical for national security infrastructure, so UKHSA wanted to improve the consistency of its security controls. It decided to improve its onboarding of new projects, which previously were across multiple environments and supported by various suppliers, by facilitating interactions between suppliers using more connected communication tools. UKHSA also wanted to migrate its various health services—including the NHS Test and Trace Program, which locates the contacts of anyone with a recent positive COVID-19 test and supports the isolation of those infected to prevent spread—into a single cloud environment where it could rapidly develop and deploy new services.

Through procurement competition, UKHSA awarded a contract to BJSS, an AWS Public Sector Partner. BJSS rolled out BJSS Enterprise Cloud, a cloud landing zone accelerator built on AWS. Using BJSS Enterprise Cloud and other AWS services, UKHSA gained greater transparency and control as well as the agility, flexibility, and scalability to adapt as the sovereign nation’s health needs evolved.

"What stands out is the speed at which we were able to respond to an urgent government requirement with highly secure, scalable, centrally managed access to AWS services."

—Mohamed Zamzam, AWS Alliance Lead, BJSS

Uniting Services on the Cloud

BJSS delivers engineering and digital transformation solutions as well as managed and advisory services. As an AWS Advanced Tier Services Partner with five competencies, it was well positioned to help UKHSA. Its AWS Healthcare Competency shows a demonstrated technical expertise and customer success in building healthcare solutions on AWS that securely store, process, transmit, and analyze clinical information, and it has an AWS Government Competency for experience in delivering solutions to help agencies meet mandates, reduce costs, drive efficiencies, and increase innovation across federal, state, and local governments.

UKHSA commissioned an initial discovery to BJSS, and when the road map to the solution was in place, BJSS could complete tests of deployments and improvements within 6 days. “That was impressive for UKHSA’s timeline,” says Jonny Da Silva, platform product owner at UKHSA. “BJSS provided the services and support the agency needed to develop its solution and the implementation plan.”

BJSS Enterprise Cloud could provide scalability for UKHSA’s critical national infrastructure by using services such as AWS Lambda, which is used to run code without the need to manage servers. “The systems used to support the COVID-19 pandemic response are innovative, with nontraditional architectures,” says Michael Fordham, group cloud capability lead at BJSS. “Many are serverless because they need to scale for tens of millions of users. On AWS, we could do things quickly and securely and innovate at scale. We could progress rather than spend months in planning, design, and procurement of kit.”

Launching a Solution in Less than 2 Months

UKHSA and BJSS began planning in August 2020 and by October had a solution called HALO. “Within days of deployment, we were onboarding both existing and new workloads while identifying what systems needed to be created with the ever-changing needs of the COVID-19 pandemic,” says Fordham. “UKHSA was immediately designing, implementing, and operating its systems within HALO.” The solution used various AWS services, including AWS Security Hub, a cloud security posture management service that performs security best practice checks, aggregates alerts, and enables automated remediation. “What stands out is the speed at which we were able to respond to an urgent government requirement with highly secure, scalable, centrally managed access to AWS services,” says Mohamed Zamzam, AWS alliance lead for BJSS.

Today HALO hosts more than 90 workloads, more than 200 AWS accounts, and more than 25 million British users, with more than 25,000 simultaneous users on HALO at peak traffic. The users’ private data is stored in Amazon DynamoDB, a fast, flexible NoSQL database service for single-digit millisecond performance at any scale. Some of the workloads for the NHS Test and Trace Program facilitate near-real-time data reporting on the number of daily infections, plus the rollout of lateral flow and PCR tests and vaccinations.

UKHSA increased control over its services’ security posture, aggregated login, secure networking, secure identity, and access management through a single pane of glass on AWS. “Using it, UKHSA could focus on providing, creating, and running critical application responses,” says Fordham. “We took the pain away and helped it to do things even quicker than it could before.” Now, creating AWS accounts that host workloads takes just 24 hours.

BJSS worked closely with UKHSA and AWS to enhance the infrastructure design for cost and function. “BJSS provided guidance and details about the workload strategy and architecture,” says Da Silva. “Every 2 weeks, UKHSA staff met with the AWS team to explore what other services could be used to improve performance, resilience, security, scalability, and cost optimization.”

Using AWS to Support UKHSA in Protecting Britain’s Health

During the COVID-19 pandemic, UKHSA took advantage of BJSS Enterprise Cloud and AWS to rapidly acquire the capabilities that it needed to fulfill its mission of protecting the health of the British population. The government agency has increased security of its health services and achieved the agility, flexibility, and scalability required to quickly respond to the sovereign nation’s evolving health landscape. “Such capabilities now form part of the UKHSA’s multi-cloud approach, and underpinning cloud-first technology strategy,” says Russell Ward, former director of technology services and operations during the pandemic and current technology transformation director.

UK Health Security Agency

About the United Kingdom Health Security Agency

The United Kingdom Health Security Agency is an executive agency under the Department of Health and Social Care that aims to protect the British population from health threats such as infectious diseases and chemical, biological, radiological, and nuclear events.

About BJSS

Founded in 1993, BJSS is a technology and business consultancy with 26 offices globally. As an AWS Public Sector Partner, it delivers engineering and digital transformation solutions as well as managed and advisory services to public and private sector clients across industries.

Published October 2022