The Security Issues that Face Local Authorities and Councils

The Information Commissioners Office (ICO) is an independent UK authority that oversees information rights in the public domain. They encourage public bodies to be more open and promote data privacy for individuals. For the organisations who are regulated by the ICO this means obligations that they must comply with. For the public it means access to their personal data and the ability to raise concerns when they believe that an organisation has failed to adhere to legislation.

One sector that appears to be more heavily regulated than most by the commissioner is Councils. This is thanks in part to the sensitive data that is held by the Social Services arm of each organisation. As well as the ICO, Local Authorities are also regulated by the Payment Card Industry (PCI) Security Standards Council, due to the financial transactions that take place too, with yet more legislation to follow.

So, to summarise, Councils are well regulated and overseen by numerous agencies. But there is one area especially that affects them more than any other, and that is the Code of Connection (CoCo) rules, which allow councils to interconnect with government networks, but only after they have followed strict procedures to do so.

There are mandatory requirements that must be met before a connection can be made. This dictates how users are authenticated, how systems are audited and that log data is securely gathered. The area that CoCo cracks down on more than any other though is the Protective Marking of documents, clearly displaying whether they are Top Secret, Private or Unclassified.

Titus

The problem that most organisations face when addressing this particular problem is simply the arduous task of sifting through terabytes of data to complete the task. At Digital Pathways we have the solution, a piece of software called Titus that can classify, protect and allow you to confidently share your data.

Titus allows us to handle your Protective Marking requirements by effectively drawing a line in the sand with our clients, placing any new data that is created above the line to be classified, and older documents below until they are needed. Once that data is brought above the line it can then be classified. This help to make deployment a much smoother process.

Active Directory

Another issue we commonly find with Councils is poor management when it comes to their Active Directory. Many of the user profiles included in an AD will have access to data internally that really they shouldn’t, with credentials that have not been modified as the user moves around departments. We have even found instances where users have left the organisation but their AD entry is left live! For organisations that have this issue we offer 8MAN, a solution that offers role based access to the directory, with vastly improved data security.

Starters and leavers are a major issue for all Public sector environments. The remedy is to provide business managers with the tool to formulate the changes themselves; own their team membership and the rights that the team members have to access data assets. The graphic ‘presentation’ of AD provided by 8MAN assists in acceptance of that proposition.

So if you are a Council or Local Authority that is struggling to adhere to the legislation of those you are accountable to, then please feel free to get in touch. Whether it is Protective Marking or Active Directory security, Digital Pathways have a solution.