Caerphilly County Borough Council has been selected as one of the pilot sites for a secure network to link government departments, after a three-month programme to step up its internal security.
The Government Connect Secure Extranet (GCSX) requires local authorites to meet stringent security standards concerning storing data on portable media, creating full audit trail of their use and ensuring that the storage media is tamper proof.
But Caerphilly was able to meet the stringent security standards needed to join the network in just over three months, after signing up to the interational security code of practice.
"Some local authorities struggle with GCSX compliance because it requires input from many different areas of IT," said Vernon Coles, IT security officer for Caerphilly CBC. "But compliance with ISO 27001 meant that we already had the answers to many of the questions for GCSX compliance," he said.
The council's IT department realised it needed to improve security around portable storage months ahead of the introduction of the GCSX standard.
"Compliance with ISO 27001 requires regular risk assessments, which led us to begin considering endpoint security about two years ago," said Coles.
After searching for suitable technologies, Caerphilly rolled out data leakage prevention technology from Safend system across its desktop and laptop computers.
"This gave us a complete picture of all the removable devices in use and the files written to them since the computers were commissioned," said Turner.
The council followed the project with a programme to raise awareness of staff on the safe use of removable storage devices.
It ran a USB amnesty, offering to replacing unauthorised devices with Caerphilly CBC-branded, Safend-encrypted USB sticks. And it explained the importance of encryption on these devices to protect users if the devices were lost or stolen.
"Users appreciate the importance of taking pre-emptive steps to protect the authority and its employees from any damaging loss of data," said Turner.
"With this system in place, no-one has to worry about being named and shamed in the press for data breaches," he said Coles.
Local authorities that failed to meet the GCSX deadline of 31 March 2009 are expected to be ready for connection to the network by the end of September.
|Securing Caerphilly CBC|
|Vernon Coles, IT security officer for Caerphilly CBC, shelved a plan to beef-up the security of its portable storage devices for a year, after being unable to find a solution which complied with the government's criteria.|
|He was only able to find five suppliers that met the criteria for the government's secure GCSX network.|
|Caerphilly chose an endpoint data leakage prevention system from software supplier Safend following an independent penetration testing report.|
|Wayne Turner, network development officer for Caerphilly CBC said: "Both products met the criteria, but the testing report said Safend had the edge."|
|"Penetration testing is routine part of our technology procurement process," said Coles.|
Read more on IT governance
20 firms join Tech Nation’s cyber security scale-up programme
Recent SSL attacks: How to protect your organization
England’s top councils fail to comply with WAN code and cannot respond to data breaches
LogRhythm Combines GCSx and CoCo Compliance with Improved Reporting and Enhanced Network Analysis