Monthly Newsletter December 2007
Case Study: Flexible working solution revamps remote access for East Dunbartonshire Council
Background
In common with all local government organisations, the introduction of flexible working practices has been top of the agenda for East Dunbartonshire Council in Scotland. New technology and ICT processes would enable staff to benefit from an improved work/life balance, but any investment would also need to deliver additional improvements to ensure a good ROI. Therefore, for the IT team the challenge was not just to find a remote access system to support home working.
The new technology also needed to deliver service and performance improvements within the Council and in the community; for example, better support from 3rd party suppliers through secure on-line access; expanding on-line services for customers; and improving the Council's service delivery by enabling staff working in the community to access on-line resources immediately from any location and not have to wait until they reached the office.
Requirement
East Dunbartonshire Council's IT team needed a networking solution that could address a number of business requirements.
Flexible Remote/Mobile Access: The primary requirement was to provide Council officers and IT support staff with the ability to work seamlessly from any location - from home, on the move, from other offices. The solution also needed to be flexible so that network access could be easily modified to support the changing needs of staff.
Secure Internal Domains: A number of Council officers working from Education Department offices required secure access to the Council network, but the existing network connection was complicated to use, difficult to maintain, and also presented a potential security risk as other users on the schools network could access the Council network. A new solution was needed to support this network access for authorised users while blocking access for everyone else.
Controlled access for 3rd parties: Providing secure remote access for external users would enable 3rd party suppliers to improve levels of service. It would also enable the Council to expand on-line services for members of the public in the future, providing access to Council services and information through local library PC's. The new network security solution needed to ensure access was tightly controlled so that other network resources remained secure from unauthorised access.
Ease of use: New technology often increases demands on support teams. The Council needed a solution that was easy to use, requiring little support so that IT staff could focus on developing new services.
The Solution
The solution from AppGate Network Security provided all the network security and access control features they needed to meet all their business requirements.
“We chose the AppGate technology because of its superior performance as a secure remote access system," explains Colin McLeod ICT Team leader at East Dunbartonshire Council. "But we quickly discovered that it's got a wealth of features and functions. As a result we're now delivering significant service improvements and using the resources we've got more effectively. I'm delighted with our investment!”
Global Secure Systems, a certified AppGate partner and expert in IT security, worked with the Council team to design and implement the network structure. One AppGate A2 Security Server was installed behind the firewall to provide the platform for remote access for Third party maintainers, Council officers and staff. The AppGate system supports a wide range of client platforms so users are able to work remotely using any device mobile phones, laptops, or home computers. For the system administrators, AppGate's advanced Roles and Rights Management functionality provides granular control over which applications each user can access and under what circumstances.
A second A2 Security Server was installed between the schools network and the main Council network to provide secure controlled access to resources on the Council network. AppGate's rules-based structure means that system administrators can define and control who accesses an application, from which device, through what authentication method, and when. On the schools network, a number of PC's are dedicated for Council officers' use only and have been configured with fixed IP addresses. When officers use these machines, firewall rules automatically route access through to the Council network without the need for users to log on. However, to access Council resources from any other machine on the schools network, users are required to follow authentication procedures before access is permitted.
“The AppGate system has proved very easy to use," says Jim Corrigan, ICT Support Advisor for Education at East Dunbartonshire Council. "We're now able to control user access directly and it's made a real difference to the experience our users receive, significantly reducing the demand for IT support.”
The Future
Looking forward, the AppGate solution provides East Dunbartonshire Council with a secure platform for rolling out a range of new services. AppGate's browser-based access provides an easy-to-use, scalable solution for on-line access to Council services from library PC's. For the Education Department, secure remote access for 3rd party suppliers will help to improve service and support for key education systems. In addition, the team is looking at providing remote access for students and teachers so they can access teaching information from home. Remote access via mobile phones is currently being tested by the Council IT team, and if successful, this option may be rolled out for Social Services team members working in the community.
Tips and Tricks
There are only two ways for data to pass through the AppGate Security Server: either a user is authenticated and then granted access according to the roles and rights management functionality, or an explicit 'firewall' rule is introduced using the IP Filter software package which applies packet filtering functionality to Unix hosts such as the AppGate.
Normally this functionality is used to protect the AppGate against malicious network traffic, but there is a GUI that lets users configure their own additional rules. This is very useful for internal security and for a situation, such as in East Dunbartonshire, it allows users on one internal network to log into the AppGate on a different network.
Find out more about AppGate
This story was originally featured in the GSS Monthly Newsletter December 2007
Subscribe to the GSS Monthly Newsletter
Subscribe to the GSS Montly Newsletter and we'll keep you updated on the main developments in the world of computer security.
DisclaimerBy submitting these details you agree to our website terms of use.
