Freely subscribe to our NEWSLETTER

Marc Hocking, Chief Technology Officer, Becrypt

All departments and authorities will have less budget and what financial resources they do have must be geared towards providing front line services. With the property rationalisation and abolition of many quangos there is a natural push towards more flexible working. If offices are closed, people still need to work somewhere, whether it be hot desking or working from home. Business continuity is also a driver for more fluid working arrangements. The public sector must address these issues, but they need to do so cost effectively and quickly. There is no point selling off property and closing offices if authorities then spend a huge amount on remote working solutions, or take five years to implement them.

While home and remote working sounds easy enough, organisations need to think carefully about how it is to be achieved. Just buying software is not the whole story, the total cost of ownership is determined more by factors such as; how the software is deployed to employees; how assets are managed; and the ongoing management of the solution. Traditionally, remote working solutions have been for a relatively small group of workers, whereas now with the austerity measures we are looking at much larger groups and in some cases maybe the entire organisation. This is a challenge of a much greater magnitude than previously faced.

The objectives of remote working have been until recently to simply extend the desktop to remote workers. However, now there is a whole different set of drivers, these include reducing the total cost of ownership of such solutions, improving flexibility for staff and improving remote connectivity. The objectives that need to be considered are the security of sharing data, particularly the different levels of sensitive information handled by government departments, local authorities and the NHS.

For the public sector in particular there is the challenge of compliance with government standards whether these be Codes of Connection, DPA, PCI Compliance (particularly for local authorities that process payments from citizens) and compliance with the HMG Security Policy Framework. An added complication is that the solutions themselves need to be accredited before then can be deployed.

The consumerisation of ICT is a factor - ten years ago people didn’t necessarily have a computer at home, now people are more IT savvy and often have multiple computers. They don’t necessarily want to use the kit that they are issued with, preferring to use their own. With the pressures to reduce costs there is a compelling case for employees to use their own equipment, however this must be offset against the risks that may be introduced to government systems.

Another factor is the changing direction of ICT services. The government has stated that they want to move to the G-Cloud and we are increasingly seeing industry and business moving towards virtualisation, the ‘Cloud’ (whether public or private cloud) and hosted virtual desktops.

With austerity measures, rationalisation programmes, consumerisation of ICT and the move to the cloud and virtualisation, there are many different factors to consider when aiming to introduce yet another change, wide scale remote working. Simply issuing laptops to everyone is costly, An alternative option for remote working is to provide employees with less costly and less bulky Netbooks. While cost pressures are dominant at the moment, there is always the trade off between mobility and security, particularly for government.
So how do these remote working solutions actually work? The traditional approach for staff working from their home PC is that a virtual environment is run on the host PC. A host checker can examine the host operating systems (OS), but as it is going through any malicious code on the PC, it can be misled into thinking that everything is OK – giving a false positive. Some key loggers can be installed as root kits, therefore they are not detected by virus scanners, and so screen grabs can be taken of the virtual environment, compromising security. In some cases key loggers are being marketed as useful administration tools! This is one of the many risks to remote working quite apart from the usual data leakage issues.

One solution to this is Becrypt Trusted Client. Becrypt Trusted Client assumes that the host computer is compromised and restarts it, booting into a corporate OS image. This gives a trusted environment from the start because it is totally isolated from the host computer’s OS. The host hard drive is not accessed so there is no cross contamination of malicious code and no data can be saved locally which stops data leakage. As only the keyboard and mouse are used, Becrypt Trusted Client can be used equally well with an employee’s home PC or as additional level of security for work issued Netbooks or laptops. Users have limited access to only those network drives and files that they need to do their job and they are not able to install any additional applications.

Becrypt Trusted Client is ultra low cost in terms of both purchase and total cost of ownership. It has security aspects built in to meet government controls, it can be integrated with VMware and Citrix and is available in different variants depending on the customer requirements. It can deployed centrally saving considerable time and cost, and because users can have the same version of the software whether they are using it in the office or at home, user uptake is maximised and training minimal. In short, Becrypt Trusted Client provides a Secure Managed Endpoint that is assured, low cost and easily managed.

The proof of the pudding – Several of Becrypt’s local authority customers have put together business cases to introduce flexible working policies as a way of improving the effectiveness of partnership working, particularly in the areas of social care and children’s services. Typically the projects address broader issues including: meeting green travel objectives; reducing required office space; reducing costs; improving staff morale; and increasing staff productivity. In all cases the solution had to be affordable. Based on government estimations the savings made from the deployment of secure remote working solutions such as those offered by Becrypt Trusted Client is substantial while actually providing a more secure system.

Becrypt is exhibiting at Infosecurity Europe 2011 – the No. 1 industry event in Europe – where information security professionals address the challenges of today whilst preparing for those of tomorrow. Held from 19th – 21st April at Earl’s Court, London, the event provides an unrivalled free education programme, with exhibitors showcasing new and emerging technologies and offering practical and professional expertise. For further information please visit www.infosec.co.uk