Securing business-critical information at Dorset County Council

One such example is Dorset County Council. It executed an internal Improved Electronic Access (IEA) project, instigated to prevent data breaches in case a laptop was lost or stolen. To achieve this, the council needed a solution that would encrypt confidential information and render it useless if it fell into the wrong hands. Among the 7,500 staff which fell into the scope of the project, 40% - such as social care providers, or crossing patrol officers - were not stationed at an office or desk. For these employees, the council established it needed a secure remote access solution, which would allow them to access the council’s network and resource management system from home or on site.
 
To secure its business-critical information and to make secure remote access possible, the council implemented a two-factor authentication solution supplied by secure authentication company, VASCO. Its DIGIPASS authenticators helps the council comply with the mandatory minimum measures for remote access, as dictated by the UK Cabinet Office.
 
As with many projects, the success of the deployment was in part due to the council’s planning and preparation during the proof of concept. Having previously run an Out of Office Working pilot involving two-factor authentication, Dorset County Council was well acquainted with secure authentication solutions, having ordered a small quantity of VASCO DIGIPASS authenticators. With cost always in mind, it chose to work with the company that offered it the best-value authentication solution. The pilot project demonstrated that the authentication solution was compatible with the council’s existing back-end infrastructure, which eliminated the need to purchase additional servers or hardware; again delivering an appreciable cost saving.
 
Ease of use is often a key factor to adoption and success when introducing new solutions or tools. In this case, with the touch of a button, the device generates a unique dynamic password that can only be used once to login and is verified by the authentication software. For the next login session, a new password is generated, as every password expires automatically after 32 seconds. Hence stealing passwords for batch processing becomes a pointless task for fraudsters, as every login requires a new unique password. For the council, it has proved to be a very flexible solution, allowing it to enable secure remote access while adhering to governmental guidelines regarding IT security and data confidentiality. Ultimately, it simplifies the duties of the council’s personnel when they are ‘on the road’. Social care workers for instance, are able to log-on from any PC with an internet connection, allowing them to access critical information prior to making house-to-house visits.
 
Even against a backdrop of current and future public sector budget cuts, Dorset County Council serves as a reassuring example that councils can roll out projects that cost-effectively deliver a readily accepted secure authentication solution, to achieve the twin goals of protecting confidential data, while providing council staff with secure and convenient access to it.