Client story Driving Cloud security and maturity for NHS Gloucestershire ICB

Background

NHS Gloucestershire ICB (Integrated Care Board) was looking to overhaul and update its current cloud infrastructure to improve ongoing maintenance, development and security processes. As NHS Gloucestershire’s digital services grew, adopting the NHS’s Cloud-first mandate made it essential to move away from manual processes, to a more scalable and robust, enterprise-ready infrastructure.

Challenge

NHS Gloucestershire needed to overhaul its Cloud infrastructure and web presence to move away from a fragmented and largely manual, infrastructure. Its web presence has been hosted on AWS Lightsail, designed for small, low-maintenance SMB deployments, but this offered minimal monitoring and limited enterprise capabilities. As additional workloads were added, the environment became difficult to manage, impacting compliance and predictability.

NHS Gloucestershire aimed to create a structured, scalable, and compliant cloud environment. The goal was to strengthen security while aligning with standards like the Cybersecurity Data Security and Protection Toolkit and the National Institute of Standards andTechnology. This laid the foundation for enterprise-level cloud maturity.

Solutions and outcomes

Insight worked with NHS Gloucestershire to overhaul the ICB’s Cloud infrastructure. A key element involved moving to an Infrastructure as Code (IaC) model, where all Cloud resources are defined and managed through code stored in a Git repository with tools like Terraform. This ensures version control, precise tracking of changes and the ability to roll back if necessary, significantly enhancing change management and accountability.

To further transform its digital infrastructure, NHS Gloucestershire transitioned to a containerised architecture using Docker on AWS Elastic Container Service (ECS) within a secure, discrete network. This setup integrates with an enterprise-level Web Application Firewall (WAF) for intelligent threat protection, automatic deployments, and auto-renewable certificates to improve cyber resilience and operational efficiency. As part of AWS’s One Government Value Agreement (OGVA), the ICB benefits from reduced costs and enhanced support, reflected in the AWS deployment.

The project strengthens security and compliance, mitigating vulnerabilities and strengthening adherence to DSP Toolkit and NIST standards with robust WAF protection. Automation of processes like certificate renewals delivered substantial time and resource savings. Improved IaC and change management provide greater control and visibility, enhancing resilience and reliability through a modular, containerised architecture and real-time monitoring. Combined with an Insight Cloud Ops Assessment (AWS Well-Architected Framework Review - WAFR), ensured notable efficiencies.

Why Insight?

Insight, a leading Solutions Integrator, was appointed through Crown Commercial Service’s G-Cloud 14 framework to modernise NHS Gloucestershire’s digital infrastructure. Chosen for its strong track record in delivering governance, clear communication, and proven technical expertise, Insight addressed challenges previous providers faced in maintaining consistent governance and meeting technical milestones.

Insight and Amdaris, an Insight company, applied a “least privilege access model” and strict code approval processes to safeguard data.As an AWS Premier Tier Services Partner, Insight brings deep technical expertise and validated success across Security, DevOps, Microsoft Workloads, and Migration.