computing.co.uk - UK - June 25, 2010-

How well are local authorities complying with CoCo rules?

Neil Hollister of CRYPTOCard discusses the findings of its research.

With the number of services they provide the public, local authorities (LAs) in Britain handle a substantial amount of personal and confidential information. Such data is extremely valuable if it gets into the wrong hands and the need to improve security and prevent breaches has never been higher.

The UK government has introduced a wide area network – the Government Connect Secure Extranet (GCSX) – that provides secure communications across government departments.

To access the GSCX, LAs must comply with the Code of Connection (CoCo) – a collection of 200 security requirements, one of which is for users working remotely to use two-factor authentication (2FA) to connect with the GCSX network.

With regulatory requirements needing to be met and the need to ensure public data is safe and secure in their hands, how compliant are local authorities currently? And does the need for regulatory compliance present LAs with an opportunity to stay one step ahead of the IT curve?

Research by Tudor Rose on behalf of authentication company CrypoCard shows that 91 per cent of LAs surveyed currently use 2FA. Of those not yet using strong authentication mechanisms, the majority plan to adopt them in the “near future”.

While the CoCo controls are designed to protect against data loss and theft, the ability to extend secure remote access to workers gives LAs added benefits, such as increased productivity, reduced overhead costs and greater staff retention. Additionally, compliance with other cross-government security initiatives will become easier.

The deployment of strong authentication solutions also provides opportunities for LAs to look afresh at their IT/security technologies to ensure they optimise their use while embracing innovations.

The research reveals many authorities plan to do just this by reviewing their existing deployments to assess viability with recent innovations or find ways to reduce total cost of ownership.

There is for instance already increased interest from this sector in on-demand SMS tokens for mobile phone, smart phone and Blackberries – a trend driven by the fact that they are a low-cost alternative for organisations and a favourite with users due to the convenience of relying on devices they already possess.

We expect this interest in token innovation to continue and with the right foundations established there is little standing in the way of local authorities being a step ahead of their Government counterparts or even private sector companies.

Furthermore, the adoption of 2FA provides a solid basis for local authorities to explore cloud technologies. Cloud computing brings with it a number of advantages, for instance its adoption significantly reduces ongoing resource requirements in capital expenditure costs and users can be instantly added or removed from the service as required to meet demand, such as when poor weather or transport disruptions prevent workers from reaching the office.

However adopters need to ensure that they are securing access to the cloud with the right levels of protection – something that worryingly many adopters have not done. Local authorities who have already embraced 2FA already have in place the mechanism to adequately secure the cloud.

The regulation requiring LAs to deploy two-factor authentication presents myriad opportunities for departments looking to embrace new IT innovations that enhance productivity and reduce costs. Organisations needing to comply should use the regulations to take advantage of this very real opportunity to improve processes and output.

Neil Hollister is CEO of CryptoCard.

click here to read article.