Registers of Scotland is responsible for managing public registers of Scottish land and property, and other legal documents. It is a non-ministerial office and part of the Scottish administration. Its work secures people’s land and property rights and helps underpin the Scottish economy.
The organisation has embarked on an innovative transformation journey to digitise its paper-based services. Modern technology, process automation, and empowered people will enable Registers of Scotland to process thousands of legal applications more quickly and efficiently.
“It’s about removing the pen and paper from the registration process,” says Bob Bowden, Security Architect, Registers of Scotland. “We aim to re-platform Registers of Scotland to a modern, adaptive AWS cloud within a four-year timespan.”
The legacy security system was one of the first systems to come under scrutiny. Outputs from vulnerability scanning were manual and time-intensive to process – as were phishing incidents reported by staff. With the entire organisation moving to AWS cloud, a new, connected security strategy was needed to safeguard data in this newly serverless Land Registry archive.
“Everything was on the table,” says Bowden. “We needed intelligent network security, more powerful endpoint protection, a SIEM to manage security alerts, cloud compliance management, and more.”
Registers of Scotland had two options: to cherry-pick and integrate separate solutions for each security category, or choose a single unified portfolio from one vendor. Bowden explains: “We didn’t have the resources to integrate disparate security technologies. And there’s the risk one of those components would not be aligned.” According to Bowden, Palo Alto Networks offered the best of both worlds: one partner, with one best-in-class security portfolio.
The pandemic was another obstacle. In 2020, Registers of Scotland closed its offices, and any hope of processing property transactions during lockdown faded. The Scottish Government passed urgent legislation allowing the submission of digital registration applications where previously only a paper application was acceptable – but Registers of Scotland still needed an automated means of scanning these digital documents for malware before processing.
At the outset, a Palo Alto Networks Security Lifecycle Review (SLR) summarised the threat exposure and security risks facing Registers of Scotland. It highlighted high-risk applications and vulnerability exploits. The SLR (a free cyberthreat assessment by Palo Alto Networks) findings formed the basis for the new security requirements – to:
Registers of Scotland has implemented almost the entire Palo Alto Networks portfolio to deliver complete, consistent, automated protection against cyberattacks. The unified portfolio provides the organisation with the transparent visibility, trusted intelligence, and flexibility to secure its entire digital environment.
Bowden explains: “The Palo Alto Networks portfolio makes sense on every level. Instead of relying on point security solutions, we have a suite of best-practice, interconnected security technologies that are proven to deliver. Our team can focus on value-add tasks, confident that critical security processes are running in the background, protecting our new digital infrastructure.”
The Registers of Scotland security infrastructure comprises the following:
Bowden is positive about the work to date with Palo Alto Networks. “It’s the intelligence of the Palo Alto Networks portfolio that makes the difference. Innovations like Digital Forensics and a ‘shift left’ infrastructure as code policy with Bridgecrew will all help deliver that journey faster and with less risk.”