Caerphilly County Borough Council has been selected as one of the pilot sites for a secure network to link government departments, after a three-month programme to step up its internal security.
The Government Connect Secure Extranet (GCSX) requires local authorites to meet stringent security standards concerning storing data on portable media, creating full audit trail of their use and ensuring that the storage media is tamper proof.
But Caerphilly was able to meet the stringent security standards needed to join the network in just over three months, after signing up to the interational security code of practice.
ISO 27001
"Some local authorities struggle with GCSX compliance because it requires input from many different areas of IT," said Vernon Coles, IT security officer for Caerphilly CBC. "But compliance with ISO 27001 meant that we already had the answers to many of the questions for GCSX compliance," he said.
The council's IT department realised it needed to improve security around portable storage months ahead of the introduction of the GCSX standard.
"Compliance with ISO 27001 requires regular risk assessments, which led us to begin considering endpoint security about two years ago," said Coles.
After searching for suitable technologies, Caerphilly rolled out data leakage prevention technology from Safend system across its desktop and laptop computers.
"This gave us a complete picture of all the removable devices in use and the files written to them since the computers were commissioned," said Turner.
The council followed the project with a programme to raise awareness of staff on the safe use of removable storage devices.
It ran a USB amnesty, offering to replacing unauthorised devices with Caerphilly CBC-branded, Safend-encrypted USB sticks. And it explained the importance of encryption on these devices to protect users if the devices were lost or stolen.
"Users appreciate the importance of taking pre-emptive steps to protect the authority and its employees from any damaging loss of data," said Turner.
"With this system in place, no-one has to worry about being named and shamed in the press for data breaches," he said Coles.
Local authorities that failed to meet the GCSX deadline of 31 March 2009 are expected to be ready for connection to the network by the end of September.