Browsium rescues HMRC from IE6 – and multimillion-pound bill

Undercuts Capgemini-Fujitsu dream team

Top three mobile application threats

Updated A browser startup has undercut some of government's biggest IT suppliers to win its largest deal: shifting HM Revenue & Customs from Internet Explorer 6 and Windows XP to IE8 and Windows 7.

Browsium has moved 85,000 PC users from Microsoft’s hated browser and dated Windows XP, out-bidding computing stalwarts Capgemini and Fujitsu of the Aspire consortium.

Browsium cost the revenue service just £1.28m – compared to a reported bill of £35m and upwards punted by the traditional systems integrator giants.

The migration has currently underway. HMRC had spent the last two years simply looking for a way to move, dabbling in pilot re-writes which failed, one after the other.

“This is the single largest deal we have done,” Browsium founder and chief executive Matt Heller told The Reg on Wednesday. “We have other deals that are quite large, but there are not that many corporate customers who are as large” as HMRC, said the ex-Microsoft man.

So how did a West Coast startup, virtually unknown in Whitehall, manage to undercut familiar faces Capgemini and Fujitsu and get the nod from British government?

Certainly Browsium is the kind of SMB that would serve as poster child for a UK government obsessed by G-Cloud. Founded in 2010 by Heller, Browsium has just 10 employees – all ex-Microsoft staff who had worked on IE and Windows. Capgemini and Fujitsu have been in IT for decades and march with armies of tens of thousands of staff.

But Browsium didn’t slide in on the back of G-Cloud – the company is not even listed in the G-Cloud catalogue of software and services. Instead, it was Browsium’s UK distribution partner and reseller, CDG, which opened the door thanks to its work in other UK government departments.

One reason for this might be that HMRC was running out of options on IE6.

IE6 is the browser that even its once-proud maker has come to hate over the years. Released in 2001, the IE6 helped Microsoft users over Y2K hump and has stayed dug in thanks to the staying power of Windows XP and failure of Windows Vista. Redmond has repeatedly called on users to dump IE6 by flagging up the security concerns in recent years. Redmond even sent flowers to mark its “death.”

Now, the clock is ticking. Microsoft’s extended support for Windows XP Service Pack 3 ends in April 2014 and for many of these people IE6 is their only browser. If you don’t move operating systems, you end up paying Microsoft extra money for the courtesy of custom support.

All this has been playing out while HMRC’s pilots were failing and costings from HMRC's IT outsourcing contractors, Aspire, kept coming in way over budget.

Aspire was formed in 2004, covering desktop services for HMRC, and was renewed and extended in 2009 – supposedly to update and standardise systems and thus save the taxman £110m a year from 2012. It received a huge plug on potential for savings from the minister driving G-Cloud, Francis Maude, here. Aspire is now working with Browsium and CDG on delivery.

CDG director Oren Taylor told The Reg that a big reason for Browsium getting the nod was, once again, down to savings: “We had to show and deliver significant value for this to be a driver for them [HMRC]. But it come down to saving money,” he said.

Heller, who helped build IE6 while he was a Microsoft employee more than 10 years ago, reckons the Aspire duo didn’t do anything wrong, technically, because they were following Microsoft’s guidance on IE6 migrations: re-write your apps so they are no longer dependent on IE6.

But that was where the problems started.

“The problem is when you get the cost model it ends up being the tens of millions of pounds that Aspire quoted. We see that number thrown around by users much smaller than HMRC,” Heller said. “At the end of the day, you pay a really big bill and have exactly the same system and functionality as before and you have nothing new and the user sees nothing new.”

How Browsium managed such a radical cost cut

Browsium's low-cost answer was to avoid rewrites. Instead, its software, called Ion, plugs into the IE8 and IE9 rendering engine to display pages. When it receives a call to a URL for IE6, it reproduces IE6's security and configuration – settings such as Active X filters, message headers, rendering values and Quirks Mode – to make sure things still work.

Using Ion means HMRC can continue making use of its IE6-dependant legacy apps (and re-write them as and when it becomes possible).

Browsium did face some skepticism from an HMRC employee whose own techies had tried, and failed, before it. “They were skeptical on the ability to show it worked and prove it out,” Heller said. “We did a small proof of concept to show it could be done: one of the apps they ran initially they’d tried twice before to work in IE8 in different approaches but hadn’t been able to do it in large part. Our engineers where in and out in two hours.”

Given this is the biggest deployment for Ion in Browsium's short life, are there any chances it might fail or fall over? Heller reckoned Ion would work because it sits on each individual’s PC as a plug-in to the browser, rather than running as a Software-as-a-Service or on centralised server.

It now seems that HMRC isn’t the only department willing to take a bet on the small guy and this different approach. “The big six” central government departments are looking to follow HMRC, CDG's Taylor claimed. “Every significant central government department is engaged," he added.

Taylor said dealing with government is complex and challenging for operations like CDG and Browsium, but that this is “changing rapidly". ®

This article has been updated to clarify rollout of Browsium's Ion is in progress.

SANS - Survey on application security programs

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Banks slap Olympus with £160 MEEELLION lawsuit
Scandal hit camera maker just can't shake off its past
Reprieve for Weev: Court disowns AT&T hacker's conviction
Appeals court strikes down landmark sentence
prev story


Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.