Centrelink seeks data loss prevention suite, says it must cover Windows 7 rollout

Centrelink has issued a tender for data loss prevention technologies, and hints at work-from-home options for its staff, a Windows 7 rollout and possible problems with staff downloading inappropriate content to their work PCs.

Centrelink has issued a tender for "Data Loss Prevention, Endpoint Protection and Secure Email Message Delivery " tools  and anticipates using them up to 42,000 PCs.

The tender, issued yesterday, lists the following as comprising the required solution:

  • Data Loss Prevention (Web / Email);
  • Web Access;
  • Email Gateway;
  • Endpoint Protection on Desktop and X86 Server Platforms (Device Control);
  • Endpoint Protection on Desktop and X86 Server Platforms (Harmful Code)
  • Endpoint Protection on Desktop and X86 Server Platforms (Firewall);
  • Network Access Control;
  • Characterisation;
  • Secure Email Message Delivery
  • Email Gateway (Secure Message Delivery);
  •  Support (required for all Tenders); and
  • Training (required for all Tenders).


The desired products are expected to "provide Centrelink with the capability to:

  • scan and classify data; and
  • remediate incidents based on classification;

via the following channels:

  • web;
  • email;
  • endpoints (including copy/paste and removable media);
  • endpoint extension technologies (e.g. Citrix or RDP); and
  • data at rest on Fileshares (e.g. CIFS/SMB, NFS, Filenet)."


Intriguingly, the  tender suggests strongly that the winning bidder will be able to cover staff at Centrelink's offices but also in their homes.

"It is desirable that a product appropriate for home use is offered for take-up by Centrelink staff on an opt-in basis," the documents say.

Another interesting requirement is for providers to "...  use or reference Active Directory as its single source of identity and role." 

The winning bidder will be expected to cover Centrelink's current environment, but also ensure its products can cover Windows 7 as the tender states "Development of a replacement set of core services for all sites based on Microsoft Windows Server 2008 R2 and Windows 7 endpoints has commenced. In addition, authentication services will be migrated to MS Active Directory. These replacement technologies are expected to largely duplicate the current decentralised topology for the short to medium term."

Content screening

The tender also seeks to prevent inappropriate data entering the organisation, stating:

"Employees find some web sites that contain content inappropriate for the workplace and access them from their workplace desktops.  They download and save inappropriate text and images from these web sites to their local hard drive.

Each Tenderer is to describe how the Tendered solution would prevent or make this scenario very difficult to accomplish."

The endpoint protection component of the tender calls for a solution capable of protecting:

  • fixed devices;
  • laptops;
  • removable devices including but not limited to:
    • phones;
    • music devices;
    • USB Mass storage devices;
    • CD/DVD; and
    •  Firewire connected devices.

The solution is also hoped to "provide Centrelink with the capability to answer the following questions if a removable device is lost:

  • What files were on the device at the time it was lost?
  • What content was in the files?
  • Was the device encrypted at the time it was lost?
  • What was the strength of the encryption?

A lightweight product is the agency's preference, with the tender stating that it will look favorably on a solution  that "... minimises its footprint on the network. The minimal footprint solution means the solution that requires the least number of separate Software agents and the least number of additional hardware devices."

Read more on Security policy and user awareness