This page contains a Flash digital edition of a book.
38


Secure remote w


Marc Hocking, Chief Technology Officer, Becrypt, discusses one answer to meeting the


Government’s Austerity Measures.


The public sector is facing rationalisation of a magnitude never seen before. To meet the new austerity measures it is not just a case of cutting budgets by 10 or 20%, different ways of working must be found.


Financial resources are now focused on providing


front line services, quangos are being cut and the government is planning to rationalise its property portfolio. With offices closing and the drive to reduce costs, there is a push to remote working - whether hot desking or working from home. However, remote working introduces new challenges. Organisations need to think carefully about the solution; the initial purchase, the total cost of ownership; how the software is deployed to employees; how assets are managed; and the ongoing management of the solution, as well as data security. For government departments, local authorities and the NHS security is high on the agenda. The Codes of Connection, DPA, PCI Compliance (particularly for local authorities that process payments from citizens) or compliance with the HMG Security Policy Framework, mean that any deployed solution must be accredited. Whether issuing laptops or allowing today’s IT savvy employees to use their own home computer, both options must offset mobility against the security risks. The government has also stated a desire to move to the G-Cloud (industry and private sector are also


moving this way) and hosted virtual desktops. So what type of solutions are available? The traditional approach for staff working from their home PC is that a virtual environment is run on the host PC. A host checker examines the host operating systems (OS), but as it is going through any malicious code on the PC, it can be misled into thinking that everything is OK. Some key loggers can be installed as root kits, and are not detected by virus scanners, enabling screen grabs to be taken of the virtual environment and compromising security. This, as well as data leakage, is one of the many risks of remote working. An alternative approach is a solution that assumes that the host computer is compromised and restarts it, booting into a corporate OS image. This provides a trusted environment from the start, because it is totally isolated from the host computer’s OS. As the host hard drive is not accessed, there is no cross contamination of malicious code.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43