Southwark Borough Council
Southwark Borough Council shows the way for secure remote access
The London Borough of Southwark is one of the busiest and most demanding metropolitan authorities in the country. Southwark sits close to the prosperity of the Cities of London and Westminster but has all the social and economic challenges presented by a dense inner city area with a population of over 250,000. With a staff of some 5,500 people, Southwark Borough Council has embarked on ambitious social and physical regeneration programmes, together with initiatives aimed at reducing crime and improving educational standards, health, housing and the environment.
The importance of flexible working
Key to delivering high quality, cost-effective services is Southwark’s strong commitment to harnessing technology to provide flexible working and speed up bureaucratic processes and ‘paperwork’. And with staff working around the Borough out of some 190 different sites and offices, the benefits to both the Council and its staff of being able to access information and resources securely from anywhere and at anytime was clear.
Alleviate IT strain by outsourcing
The first remote access initiative in Southwark was pioneered by the Social Services department and gave council staff remote access to client files using dial-up and ISDN connections. The nature of the application presented a big challenge; with sensitive personal information involved, security could not be compromised. That’s when Southwark and its IT solutions provider Serco, turned to Cambridge-based Signify to provide a secure user identification and authentication solution.
Secure access to sensitive information
“Working from home or in the field, we could not rely on staff using simple passwords to log into personal client files,” said Richard Heap, Business Partnership Manager at Southwark Borough Council. “The trouble with static passwords is that many people simply write them down or use something easy to remember such as the name of a child or pet and that is easily compromised. It was vital that we provided a secure two-factor authentication alternative.”
Easy to use, instant access
Two-factor authentication involves something ‘you know’ along with something ‘you have’. In the case of Southwark staff, this is a small RSA SecurID token from Signify – usually carried on a key ring - that produces a new unique one-time passcode (OTP) every 60 seconds. By using this, along with their known user name and secret PIN, Southwark staff could safely gain immediate access to the information they required.
The Social Services department is still a major user, particularly as it has recently moved to full electronic case recording. This means all forms and reports are filled in and filed electronically. But instead of social workers having to head back to the office and work late to do the electronic ‘paperwork’, they can easily do the work on the move or from home.
Expanded application for improved services
The Social Services system proved successful and inspired Southwark to drive ahead with other remote access applications. In fact, today Southwark has some 740 registered Signify users and the old dial-up and ISDN technology has been replaced by broadband and a powerful CISCO Virtual Private Network (VPN).
Other applications range from providing executives access to email through a simple web browser on a home PC to delivering a full set of applications to a Southwark-managed laptop using a VPN client and Citrix Access Gateway. This effectively gives users the same desktop look and feel and access to authorised applications as if they were sitting at their desks in the office.
To provide even greater flexibility, the Council is also trialling a mobile broadband solution using T-Mobile 3G cards. This means that work can be done literally on the move. For example, the Home Improvement teams can travel around to residents in the borough and file assessments and maintenance requests instantly.
While all registered users currently have a RSA SecurID token, Signify also provides a token-less Passcode OnDemand Service for less frequent users, Passcode OnDemand delivers a one-time passcode on request to a mobile phone, PDA or email box by SMS or email.
Hassle free hosted service
“Delivering a 24x7 two-factor authentication service takes much more than simply running some servers; you need to mix policy, procedures, logistics and support to keep remote users happy and working productively around the clock,” says Richard Heap. “Using Signify’s managed service means that they handle everything from dispatching devices and rights administration to handling lost tokens or forgotten passwords. It’s simply a no-hassle solution.”
Signify’s Identity Management Centre (IMC) web portal allows users to manage their own accounts and gives Richard Heap and his team the ability to enforce security policy, add or remove users and delegate management responsibility to departmental managers, as well as providing the reporting tools to track each token and monitor usage information.
Looking to the future
“We still have many more plans for deploying remote access applications,” says Richard Heap. “In addition to enhancing our services and improving business efficiency and productivity, the ability to provide more flexible working arrangements for hardworking staff is proving extremely valuable and popular.”
Reflecting the shift to flexible working patterns, next year the Council is moving into new offices that will have 1,800 desks for 2,100 staff. “It does not make sense for everyone to have a desk if more people are working away from the office,” says Richard Heap.
A viable choice for public authorities
“Southwark is a great showcase for demonstrating the potential of secure remote access for public authorities,” says Dave Abraham, CEO at Signify. “We are working closely with Serco, who provide outsourced and managed IT solutions to major private and public sector organisations, to meet the growing demand for more flexible and secure home and mobile working. Other customers include The London Borough of Tower Hamlets, Walsall Housing Group and Wales and West Utilities.
“The good news is that more public sector organisations are realising that passwords are not enough and the two-factor message is getting through,” concludes Abraham.