Presentation on theme: "PSN Compliance in Local Authorities ADDRESSING THE CHALLENGES."— Presentation transcript:
PSN Compliance in Local Authorities ADDRESSING THE CHALLENGES
What is going on? PSN CoCo submissions have just become more painful! Affects all UK PSN users Councils…….are especially affected, Accredited individually fundamental differences in our “digital landscape” The Scottish Angle – Education and Registration – Mobile and Flexible. Last 6 months 4 Councils pre-Zero Tolerance 4 now passed post-Zero Tolerance Others going through the “Red Letters”
What’s the Key points? “PSN-originated data” must be housed on a trusted network. Zero Tolerance! Timescales – Short-term pain, Long-term pain. Limit/eliminate shared PSN/Non-PSN infrastructure Unmanaged devices are “assumed compromised” – BYOD RIP Previously (assumed) ”acceptable” remote access approaches now in question – thin client/zero data, sandboxing, even distros. There will be unplanned cost and resource implications!
Getting there? The process….. Sequential – not helpful Signatories ITHC requirements Must get the two above right – before you pass to “validation” Get to know your Cabinet Office PM! Get some CLAS time? Advice – know the process, avoid the ping-backs, speak to the CO, keep up with the Guidance, consider CLAS time
What might need done in the short- term? ITHC Major/Critical and Significant mediums! Get Patching! Tighten Segmentation of networks – esp. if completely flat ……potentially more inboxes? Remote Access – different passwords from internal network logins? Unmanaged device access – closed off/restricted Disclosure checks? GSX staff initially? Not clear! Affected groups :- GSX users, Remote Access, BYOD Advice: Know your PSN “footprint”, be pro-active, manage the comms with your customers
…but don’t breathe a sigh of relief for too long! Long-Term Architecture No clear “design patterns” – clarification imminent? “Clearing House” approach? Will need to look hard at whether “remote access (or PSN) is worth the pain…” Partner and third party access = “unmanaged”? Separation of infrastructure – web, servers, etc for PSN data Windows XP ……. a case of bad timing More disclosures? NEED FOR COLLABORATION in 2014?
Questions needing answers? Is the PSN approach tenable for Councils? Will this ultimately limit the usefulness and adoption of PSN? Do we know where the future pressures will be? What are the costs? Who bears them? And is it worth it? Should Councils collaborate on “long term” compliance work? Will this mean IT is back in the role of “Information Preventor”? Lobby and/or comply? Strategic response – Segment and separate to allow unmanaged? 100% managed? Which strategy should you adopt?