Public Sector: Securing Shared Services
Date: Apr 7, 2015
Guest post: Egress
It comes as no surprise that two of the biggest drivers towards multi-agency working in the Public Sector are cost and efficiency. In efforts to lower spend, increasing numbers of public bodies and organisations are working together to meet combined goals and doing so using digital solutions.
Yet a major stumbling block exists in the form of ‘closed community’ accredited networks and supported mail systems – such as the PSN, GCSX and CJSM. Although individually they can facilitate secure communication between organisations of the same type or function – who therefore sit within the same umbrella networks and systems – they often fail to do so between different government organisations, as well as with private and third sector partners.
This issue of information security and assurance risks undermining multi-agency working and, ultimately, the evolution of service delivery.
You can only collaborate with confidence if you can share information securely
The challenge: How can organisations create secure environments to work together outside of trusted networks?
Firstly, you need to find a suitable solution that will meet the project’s aims while also securely bridging the divided between existing government supported systems and the organisations unable to access them. Procuring a suitable COTS solution will offer both cost and efficiency savings, and catalogues such as G-Cloud can often help to narrow down the search, with offerings already approved for use within the Public Sector.
Secondly, the solution must offer the appropriate levels of information security and data protection. Again, government initiatives such as CESG’s Commercial Product Assurance (CPA) and Pan Government Accreditation (PGA) can aid the search for suitable solutions. These provide assurance that the solution has been independently certified by the UK National Technical Authority for Information Assurance, is fit for purpose, and is capable of protecting your organisation and the data you share from external threats. PGA in particular is offered to manage combined risks and provide end-to-end assurance when different Public Sector organisations work together to deliver shared services.
Finally, the solution must be simple to use. If the aim of multi-agency working is to improve efficiency, then the solution must not take more time to use than old ways of working. Moreover, a recent ICO FOI demonstrated that 93% of data breaches were caused by human error. Solutions have to make data protection accessible to all while also offering comprehensive protection and control to mitigate the risk of a data breach.
Ultimately, information security should not, and does not need to, hinder the delivery of effective and efficient multi-agency projects. In fact, by sharing data securely, public sector organisations can enhance their services to provide citizens with greater levels of information assurance and thus increased confidence in the services being delivered.
Read more about the Egress:
Egress Switch is the next generation of security software that puts the information owner in control of the data they send and ensures regulatory compliance at all times.
Share IL2 and IL3 data with confidence
Awarded a pan-government framework in 2011 designed specifically to help the Public Sector share sensitive personal data with third parties, Egress Switch is soon to be the only CPA Foundation Grade certified email encryption product in the UK.
For the first time, government organisations will have access to a CESG certified email encryption product that enables them to share information marked up to IL3 under the current classification scheme and OFFICIAL under the scheme about to be introduced.
CPA certification includes:
IL3 Certified Gateway Email Encryption – the secure encryption of email information as it flows between organisations over untrustworthy networks.
IL3 Certification Desktop Email Encryption – the secure encryption of email as it flows from a desktop email client to a local or remote user.
This independent assurance gives organisations and users the confidence that they are selecting an email encryption product that has been approved by CESG and is capable of protecting them and the data they share.