SpecSavers Improves Its Vision of Cloud
- Specsavers needed an IT partner to help meet NHS requirements, cope with demand and integrate its IT.
- CSC’s Private Cloud platform, which used multifactor authentication, testing, and disaster recovery to address Specsavers’ concerns about security, compliance and data ownership.
- No upfront costs, and the ability to spend only when needed
- An IT partner with knowledge of the NHS security and compliance requirements
- Flexible capacity to meet unpredictable demand and the ability to design and maintain security for the cloud
Specsavers is the UK’s largest privately owned optical retail group. Since it opened its first UK store 30 years ago, Specsavers has expanded to more than 30,000 employees and 1,500 stores in 10 countries across Europe and Australasia. In addition to its retail stores, Specsavers also operates a full, end-to-end supply chain, manufacturing across 10 sites globally. As an NHS supplier, Specsavers needed an IT partner to grow quickly and to ensure that it complied with NHS’ stringent governance and security requirements.
In 2012 alone, Specsavers provided 13 million spectacle frames. But the company is not just about glasses and contact lenses — it also provided 78,000 hearing aids that year. And it was this side of the business that motivated Specsavers’ move to the cloud.
In 2012, the UK Government introduced the Health and Social Care Act, which allowed the NHS to move certain services out of house to “Any Qualified Provider” (AQP). This AQP initiative created a great opportunity for Specsavers’ existing Hearing Care services to expand to meet the NHS requirements and provide greater customer choice. Hearing tests, hearing aids and aftercare have always been free from the NHS for adults aged over 50, but now they could also be provided at a local Specsavers Hearing Center rather than just at a hospital. But alongside this new opportunity for Specsavers came business challenges and uncertainties:
- There was no single, standard contract for AQP — every region was different.
- Specsavers also faced unpredictable demand — it was difficult to estimate exactly how many new customers they would be serving, because this was partly dependent on referral quality. Would GPs know about the new options?
- As an NHS supplier, Specsavers had to meet NHS Information Governance requirements, no matter how complex they were or how fast they grew. In addition, the company faced differing data requirements per contract.
- Other major questions were unknown — for example, the hosting locations for data, the security controls that would be needed, as well as the level of integration into the NHS “IT spine.”
- Expand existing Specsavers data centers and continue with the current IT strategy
- Increase capacity in an existing hosted third-party data center environment
- Move some of the new IT requirements to the cloud
- Access control questions could be resolved through careful design and measures like multifactor authentication.
- Availability could be ensured by rigorous disaster recovery measures, and the fact that with the CSC solution, Specsavers could also keep data copies in its own data centers.
- Issues over data ownership could be addressed by picking the right cloud partner and having the right contractual terms.
- Finally, malicious virtual exploits could be defended against with attack and penetration testing, and by maintaining an active security team.
While all these questions were still being addressed, the AQP bid process was moving fast — and Specsavers was winning bids. The company considered three strategies for moving forward:
When Specsavers studied its decision criteria matrix, it was clear that the third option — moving to the cloud — had a lot going for it. Cloud offered on-demand capacity, compared to the limited capacity of in-house or hosted data centers. The cost of cloud could also match demand, while data center costs remain fixed. Finally, Specsavers’ existing hosted provider had no NHS experience — whereas a major cloud provider like CSC could offer extensive experience working with NHS data.
Specsavers’ greatest remaining concern was uncertainty over the possible security risks of cloud. The company discussed these security concerns with CSC and discovered that they could all be addressed by using CSC’s Private Cloud platform — and by taking the right approach:
“In the end,” says Karl de Bruijn, Group IT Director with Specsavers, “addressing all these security concerns comes down to understanding that security is still your responsibility in the cloud. However, now you can design for it, and maintain security more easily — giving you more time to concentrate on getting the job done.”
So what has the recent move to the cloud meant for Specsavers? The company is now able to flex capacity to meet fairly unpredictable demand. It has achieved its goals in just a few short months, with no upfront costs.
And that’s not all. As de Bruijn says in closing: “We’re only spending when we need to and where we need it. We’ve partnered with CSC, a company who has intimate knowledge of our customer — and as a result, we’ve increased our expertise in a fairly complex area of compliance. We now understand the actual challenges of cloud — and how to manage them appropriately.”