Cabinet Office agrees GCSx local council access terms
I should CoCo
The Cabinet Office has reached an agreement with local government organisations about security standards for connection to its GCSx network.
The Society of IT Management (Socitm), which helped negotiate the terms, said that the agreement included cost reductions in connecting to the Government Secure Extranet (GCSx).
It also met councils' concerns over the extranet's possible migration to the Public Sector Network by recognising the existence of 'low threat environments' in local public services.
According to Socitm, modified standards for the Government Connect Code of Connection (CoCo) version 4.1 for these environments will ensure that expensive new investments are not required by councils.
This means that local public services organisations will not incur any significant additional costs or burdens above those required to meet version 3.2 of CoCo.
In a letter to Socitm members on 13 September, president Jos Creese and chair of Socitm Futures Dylan Roberts say: "The use of GCSx has matured and is the recommended option for joining up.
"Advice and guidance is available on how to initiate new data exchanges and shared services across government using GCSx. There are some good business cases and GCSx is seen as the natural transition to PSN that will be designed to be more appropriate and aligned to local public service requirements."
This article was originally published at Kable.
Kable's GC weekly is a free email newsletter covering the latest news and analysis of public sector technology. To register click here.
Yes, but No, but
It simply means that Central Government have recognised that Local Government do not deal in state secrets and that a one size fits all security policy across all levels and departments is not sensible.
From the wording it appears that this has been done on the basis of cost but it should also be seen as the way ahead on the basis of data security - imposing draconian security measures where they are not appropriate does nothing other than encourage that most serious of security holes - the undocumented, unapproved work-around,
You have ten seconds to comply...
... becuase if you don't, you can't hook up to the DWP for figures. They don't dish them out any other way any more. There isn't really an option for local governments to NOT comply.
As for keeping costs low, that presumably references cutting staff wages, which is where a good portion of the implementation costs are.
GSI wasn't set up as one massive silo - actually, no decently designed intranet ever is.
At most you could see it as a backdoor to the interdepartmental traffic if the connecting firewalls allow access to that traffic (which they shouldn't, but that's another issue), but to get into a department you'd have to get past their own GSI interconnect firewalls - they don't exactly trust each other either, so any GSI connection is firewalled in itself.
This means that you could get at most to a departmental DMZ, which is indeed what should happen.
I'm personally more astonished that it has taken either government or GSI contractor (is it still C&W?) more than 10 years to implement something that was actually part of the original growth plan for GSI. Given the cost savings this could have brought over the years that borders on scandalous.