LocalGov.co.uk - Your authority on UK local government masthead
Diana Wong 02 June 2015

Warning: Your data is escaping

Companies are leaking data like a cracked tea cup. And public sector organisations are no exception. While media headlines have recently focused on the external threat that comes from hackers, malware and vulnerabilities such as VENOM, the fact is many organisations lack the internal governance to ensure data is secure.

We’re all familiar with tales of lost USB sticks and misplaced laptops. Whilst these situations are less than ideal, the real threat to data security does not come from these misdemeanours but from the digital environment in which local government staff now operate. Or rather more specifically, how IT understands an employee’s organisational digital footprint.

The advent of the digital workforce

Within local government, work is increasingly digital and interconnected. Organisational performance is therefore largely contingent upon providing people with richly functional digital workspaces that they can access any time, and anywhere. Data and applications are increasingly underpinning how staff work.

But accordingly much of the data staff rely on in order to do their job sits outside of the corporate firewall and this necessitates being able to log into government databases or accessing information across the Public Sector Network, for which usernames and profiles must be created.

Of course some of the data accessed and shared via applications is perfectly mundane, such as a planning application process or the allocation of a FENSA inspection allocated to a contractor, but it can just as easily be highly sensitive. From adult and child social care to the provision of local health services, local government organisations house highly personal information that under the Data Protection Act it is their responsibility to adequately protect.

This situation is further complicated by the advent of employees using their own devices to upload and download data to the corporate network. Such devices are necessary for many staff whose role is largely based outside of the office, such as planning or youth workers, but how does IT know what data sits where and on what device? What are their control permissions?

The truth is that all too often IT doesn’t know the digital footprint of each employee and so can’t answer these questions. It might be acceptable with current employees, but problems come to light when someone leaves a company. IT can’t be 100% certain what sensitive data is where and who is able to access it.

Untangling the digital spiders web

In the majority of organisations, employees leaves and all that happens is that their email is shut down and their profile deactivated. But if you don’t know the depth and breadth of that profile, it is easy for applications to be overlooked and log-in details to remain active. This situation is exacerbated by local government organisations relying heavily on contractors who are not always officially onboarded, but their boss finds ‘short cuts’ to keep them working allocating or sharing the permissions they need in order to get access to the systems they need.

This isn’t done maliciously but with a desire to simply ‘crack on.’ What it does though is create a ‘shadow user’ that IT has little or no insight into. One or two shadow users might not seem like a big problem, but multiply them tenfold and suddenly local government has a lot of blind spots in play, accessing data and walking out of the building with it safely tucked into their pocket.

The net result is that data is vulnerable, and so too is the council to a fine from the Information Commissioner’s Office (ICO), which places the duty of care of data firmly in the hands of the council, not the employee.

To effectively govern access to data, local government organisations have to be predictive, not reactive. In order to ensure timely and precise de-provisioning of services, organisations simply can’t rely on manual processes. Digital workspaces need to be managed in real-time and predictively. If not, local government organisations risk being haunted by wrongly assigned permissions, vulnerable information and a hefty ICO fine.

Diana Wong is director product marketing at RES Software.

#Data protection

Analysis

Opinion

Most Popular News

Reform UK plan to overhaul LGPS sparks backlash image
Reform UK plan to overhaul LGPS sparks backlash
Overdiagnosis straining SEND system, think tank says image
Overdiagnosis straining SEND system, think tank says
Council cancels IT upgrade after delays image
Council cancels IT upgrade after delays
Kent reassurance after staff DOGE concerns image
Kent reassurance after staff DOGE concerns
Town halls forced to sell community assets as debts mount image
Town halls forced to sell community assets as debts mount

New Products

New remotely lockable cabinet will help manage medication for people with mental health issues

UK-first tool developed by Bluesky scores areas green credentials to aid urban planners

New partnership drives improved air quality and healthier homes in social housing

ShuttleID launches 90-day free trial for local authorities

New steps to keep tenants safe

Invision360 secures Innovate UK smart grant for VITA EHCP generator

New technology to revolutionise air quality monitoring

Case Studies

Acrospire Delivers Retrofit Lighting for Newbridge’s Joe Calzaghe Footbridge

Acrospire Delivers PIR-Controlled Lighting at Ruislip Lido Car Park

Spennymoor Market Place and Consett Middle Street revitalised using Thorn Lighting’s Thor Lanterns and Customisable Gobo Projectors

Acrospire Partners with Bath & North East Somerset Council to Illuminate Historic Film Location with LED Upgrade

Believ to install 22 charge points across Redcar and Cleveland

Acrospire Enhances Harlington Underpass with Energy-Saving Vandal-Resistant Lighting

Croydon Council selects integrated corporate GIS to improve efficiencies

Company Anouncements

Airtech Helps Landlords Comply with Awaab’s Law

Cloudhouse offers housing associations risk-free route to IT modernisation

Adaptations teams’ opportunity to optimise value

Vent-Axia Welcomes Awaab’s Law Draft Guidance

Vent-Axia Supports Net Zero Week

Housing without delay: removing one of the major obstacles

Lucy Zodion to Launch HAWK3 at ILP Lighting Live: The Next Generation of Digital Photocells

Popular Topics

#Unitary #Unions #Transport #Think tank #Temporary accommodation #social care #SEND #Schools #Safety #Rural communities #Roads #Reorganisation #reform party uk #Planning #NHS
SIGN UP
For your free daily news bulletin
Highways jobs

Finance Business Partner

West Northamptonshire Council
£49587 to £52860
Are you ready to take on a role where your financial expertise makes a real difference? We’re looking for a motivated and commercially minded Finance Business Partner to join our team, with a focus on housing and temporary accommodation. This opportunit Northampton
Recuriter: West Northamptonshire Council

Senior HR Adviser

Royal Borough of Greenwich
PO4 - £47,532 to £50,574
We’re entering an exciting new chapter. Greenwich, London (Greater)
Recuriter: Royal Borough of Greenwich

Customer Service Officer

Sandwell Metropolitan Borough Council
Band C SCP 5-8 (£25,583- £26,824 per annum)
We are looking to recruit for a Customer Service Officer to join an established team at Sandwell Libraries Sandwell, West Midlands
Recuriter: Sandwell Metropolitan Borough Council

BCF Lead Projects Officer

Sandwell Metropolitan Borough Council
Band F, SCP26 - 31 (£37,280 - £41,771) per annum
Are you passionate about empowering vulnerable adults and helping them lead independent, safe, and dignified lives? Sandwell, West Midlands
Recuriter: Sandwell Metropolitan Borough Council

Senior Cleansing Technician x 2 Posts (CDC)

City Of Doncaster Council
Grade 6, £25,989 - £28,142
Do you enjoy working outside, as part of a team that make a direct difference to the communities of Doncaster? Doncaster, South Yorkshire
Recuriter: City Of Doncaster Council
Linkedin Banner