Friday, March 20, 2015

Securing shared services

It comes as no surprise that two of the biggest drivers towards multi-agency working in the Public Sector are cost and efficiency. In efforts to lower spend, increasing numbers of public bodies and organisations are working together to meet combined goals and doing so using digital solutions.

Yet a major stumbling block exists in the form of ‘closed community’ accredited networks and supported mail systems – such as the PSN, GCSX and CJSM. Although individually they can facilitate secure communication between organisations of the same type or function – who therefore sit within the same umbrella networks and systems – they often fail to do so between different government organisations, as well as with private and third sector partners.

This issue of information security and assurance risks undermining multi-agency working and, ultimately, the evolution of service delivery.

You can only collaborate with confidence if you can share information securely


The challenge: How can organisations create secure environments to work together outside of trusted networks?

Firstly, you need to find a suitable solution that will meet the project’s aims while also securely bridging the divided between existing government supported systems and the organisations unable to access them. Procuring a suitable COTS solution will offer both cost and efficiency savings, and catalogues such as G-Cloud can often help to narrow down the search, with offerings already approved for use within the Public Sector.

Secondly, the solution must offer the appropriate levels of information security and data protection. Again, government initiatives such as CESG’s Commercial Product Assurance (CPA) and Pan Government Accreditation (PGA) can aid the search for suitable solutions. These provide assurance that the solution has been independently certified by the UK National Technical Authority for Information Assurance, is fit for purpose, and is capable of protecting your organisation and the data you share from external threats. PGA in particular is offered to manage combined risks and provide end-to-end assurance when different Public Sector organisations work together to deliver shared services.

Finally, the solution must be simple to use. If the aim of multi-agency working is to improve efficiency, then the solution must not take more time to use than old ways of working. Moreover, a recent ICO FOI demonstrated that 93% of data breaches were caused by human error. Solutions have to make data protection accessible to all while also offering comprehensive protection and control to mitigate the risk of a data breach.

Ultimately, information security should not, and does not need to, hinder the delivery of effective and efficient multi-agency projects. In fact, by sharing data securely, public sector organisations can enhance their services to provide citizens with greater levels of information assurance and thus increased confidence in the services being delivered.

No comments:

Post a Comment