Securing the best of both worlds
Jon Cook discusses how local authorities can keep employees mobile while still completing the accreditation process.
In many instances over the past few years IT innovation in the public sector has overtaken the private sector. A key example is the speed at which local authorities embraced the use of mobile devices in the workplace, with a range of mobility solutions implemented to allow employees to work where and how they choose.
However over the past 12 months the arrival of the Public Sector Network (PSN - a unified network for shared government services) has proved to be a real challenge to this newfound mobility, with the accreditation process receiving scrutiny for its scope and scale. Much attention has been focused on the challenge that organisations face in trying to meet PSN Code of Connection accreditation, while still giving employees the ability to use mobile devices for work. The concern from the Cabinet Office regarding the PSN is that existing Bring Your Own Device (BYOD) and mobility programmes pose security concerns because unmanaged devices registered on them could potentially lead to sensitive data being disclosed. In response, some councils considered either banning mobile working completely or restricting it to a core body of employees who needed to access the council network remotely.
The PSN will deliver a range of benefits to local authorities, making it both appealing as well as necessary to join. The PSN will make it easier for public bodies to share services that could ultimately serve to reduce the cost of IT delivery throughout government, changing the way citizens engage with public services. But in order to receive these benefits local authorities have to compromise on some of the advantages that both they and their employees gain from successful BYOD and flexible working schemes in terms of reduced costs and increased productivity.
But what options do local authorities actually have? How can they get the best of both worlds and reap the benefits of the PSN, while at the same time allowing for employee mobility?
Clearly the first step is to ensure that an organisation has a clear and coherent device management strategy. Following this, and with unmanaged devices a no-go area for authorities looking to connect to the PSN, authorities need to adopt a managed device and walled garden approach. A walled garden isolates all enterprise data into a secure “container” held on a separate network within the organisation’s server. This can then be managed by IT centrally and with data not being stored on the endpoint, there is a reduction in any potential security risks.
A good example of this can be seen with Bath and North East Somerset Council which has been successfully audited recently. The council has adopted the walled garden approach to data which meant that there is a clear level of protection for the organisation’s data being accessed through managed devices. All the PSN data is kept separate, so that individuals working for the council can still access their emails as well as share non-PSN applications on managed devices outside of the office.
While such an approach fulfils the demands of PSN accreditation, it is more of a short term approach to the problem. In the long term, all public sector organisations are likely to face greater demands for employee mobility, which means that the device management strategy for the PSN is likely to have to change with it. However, those which have taken the walled garden route will be well placed to adapt to future changes to regulations.
Ultimately, there will have to be some compromise in the mobility of employees in order to reap the full benefits of the PSN. The security challenge associated with giving unsecured, unmanaged devices to government employees is simply too great. But by taking a combined managed device and walled garden approach local authorities can benefit from the best of both worlds, keeping employees mobile while enjoying the advantages the PSN will provide.
Jon Cook is national sales manager at supplier Citrix
Cabinet Office-based facility signs £800k deal with mobile network operator
Public sector hosting provider has suspended itself from frameworks after being placed in compulsory liquidation
Research will consider potential impact of system failure on the country’s finances and way of life
Ministry signs contract with specialist firm to provide an application for engineers to probe data