
PSN Compliance in Local Authorities

PSN Compliance in Local Authorities: Addressing the Challenges. What is going on? PSN CoCo submissions have just become more painful! Affects all UK PSN users. Councils are especially affected: accredited individually, fundamental differences in our “digital landscape”.

caesar




Presentation Transcript


  1. PSN Compliance in Local Authorities: Addressing the Challenges

  2. What is going on?
     • PSN CoCo submissions have just become more painful!
     • Affects all UK PSN users
     • Councils… are especially affected:
         • Accredited individually
         • Fundamental differences in our “digital landscape”
     • The Scottish Angle – Education and Registration – Mobile and Flexible.
     • Last 6 months:
         • 4 Councils pre-Zero Tolerance
         • 4 now passed post-Zero Tolerance
         • Others going through the “Red Letters”

  3. What are the key points?
     • “PSN-originated data” must be housed on a trusted network.
     • Zero Tolerance!
     • Timescales – Short-term pain, Long-term pain.
     • Limit/eliminate shared PSN/Non-PSN infrastructure
     • Unmanaged devices are “assumed compromised” – BYOD RIP
     • Previously (assumed) “acceptable” remote access approaches now in question – thin client/zero data, sandboxing, even distros.
     • There will be unplanned cost and resource implications!

  4. Getting there? The process…
     • Sequential – not helpful
     • Signatories
     • ITHC requirements
     • Must get the two above right – before you pass to “validation”
     • Get to know your Cabinet Office PM!
     • Get some CLAS time?
     • Advice – know the process, avoid the ping-backs, speak to the CO, keep up with the Guidance, consider CLAS time

  5. What might need done in the short-term?
     • ITHC Major/Critical and Significant mediums!
     • Get Patching!
     • Tighten Segmentation of networks – esp. if completely flat
     • Email… potentially more inboxes?
     • Remote Access – different passwords from internal network logins?
     • Unmanaged device access – closed off/restricted
     • Disclosure checks? GSX staff initially? Not clear!
     • Affected groups: GSX users, Remote Access, BYOD
     • Advice: Know your PSN “footprint”, be pro-active, manage the comms with your customers

  6. …but don’t breathe a sigh of relief for too long!
     • Long-Term Architecture
     • No clear “design patterns” – clarification imminent?
     • “Clearing House” approach?
     • Will need to look hard at whether “remote access (or PSN) is worth the pain…”
     • Partner and third party access = “unmanaged”?
     • Separation of infrastructure – web, servers, etc. for PSN data
     • Windows XP… a case of bad timing
     • More disclosures?
     • NEED FOR COLLABORATION in 2014?

  7. Questions needing answers?
     • Is the PSN approach tenable for Councils?
     • Will this ultimately limit the usefulness and adoption of PSN?
     • Do we know where the future pressures will be?
     • What are the costs? Who bears them? And is it worth it?
     • Should Councils collaborate on “long term” compliance work?
     • Will this mean IT is back in the role of “Information Preventor”?
     • Lobby and/or comply?
     • Strategic response – Segment and separate to allow unmanaged? 100% managed? Which strategy should you adopt?
