Cambridge City Council turns to SecurAccess for remote working security and CoCo compliance

(19/01/2010)

The residents of Cambridge elect 42 councillors across 14 wards, who are responsible for setting the budget and policy framework in the city. Backing up every decision and policy change is a workforce of hundreds of employees who ensure that any decisions made by the council are successfully implemented at a practical level.

In order to ensure that the council’s civic responsibility can be met, many of Cambridge City Council’s employees needs to be in constant contact with the organisations, businesses and individuals of Cambridge, and with colleagues at the Council itself.

This involves taking calls from the public, visiting homes and businesses, coordinating with council members and relaying information back to the council’s central system to ensure that data is kept current and comprehensive.

When dealing with a wealth of information regarding such a wide variety of businesses and organisations, however, there is an inherent security risk – any information mishandled, lost or stolen is a potentially damaging security breach, both for the council and those that it works with.

“The Council encourages employees to maintain a good work/life balance, and being able to log on remotely is an important part of this,” said James Nightingale, Head of ICT Client Services at Cambridge City Council. “However, the more remote workers you have, the more the IT security risk goes up – how can the IT team tell users are who they claim to be when logging on remotely?”

Additionally, the Council had to prove it was compliant with the Government’s GSCX Code of Connection (known as CoCo). CoCo is part of Government Connect – the pan-government programme providing an accredited and secure network between central government and every local authority (LA) in England and Wales. All LAs must be compliant with CoCo’s code of practice to prove they have the necessary network security measures in place.

“To comply with CoCo, it was absolutely necessary to have a system in place to make remote access for our employees more secure,” Nightingale continued. “Dealing with information from so many different businesses, people and organisations while on the move is the nature of the job, so there needed to be a way to do that as securely as possible.”

Cambridge City Council began to consider ways in which it could authenticate remote users to facilitate mobile and home working.

A number of other councils around the UK utilise a token-based authentication system, whereby employees pick up a token containing an authentication code that allows them to connect to the system remotely. The main problem facing this option, however, is the time and effort needed to distribute each token to employees.

“The authentication token as a security measure is incredibly time consuming,” said Nightingale. “Staff would have to fill out access request forms, then make a physical appointment to come into the council offices and pick up the token, wasting a lot of time for admin workers and users.”

A token-based system also generates a myriad of other issues – the hardware is often lost, they are easily broken, and creating the large quantities of tokens incurs huge expenses. Frequently, tokens were stored with laptops so if the computer was stolen, the authenticator would go with it.

It therefore seemed logical for Cambridge City Council to turn to SecurAccess, which negates the need for tokens by using employees’ mobile phones to deliver authentication codes.

“The main goal was to achieve CoCo compliance, while keeping any new systems as user-friendly as possible,” said Nightingale. “But in this tight economic period we wanted to do this without wasting council money on unnecessary expenditure.”

“The roll-out of the software at the Council was painless – it took just a few days, and employees got used to the system very quickly,” said Steve Watts, co-founder at SecurEnvoy. “Everyone has a mobile phone on them most of the time, so receiving text messages with access codes is easy to grasp and the interface is very straightforward to use – even for the least tech-savvy employees.”

Cambridge City Council is now compliant with CoCo, and has a secure workforce safely logging in from remote locations. “Ultimately, we’ve saved money and our systems are more secure than ever, so we’ve achieved everything we set out to do,” concluded Nightingale.

Related topics:  Authentication and identity management   Internet and Web security   Mobile and Wireless Security 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources