Government bodies must meet deadlines on identity theft prevention
Resellers can help councils in their quest for CoCo compliance, says Yurong Lin
Lin: VARs should be turning their gaze on CoCo opportunities
The Home Office claimed last year that identity theft in the UK costs businesses on average £1.2bn. This may be fuelling the government’s decision to push identity cards.
Organisations have similar problems. Unauthorised users are able to penetrate security and access corporate data, and of course there is the age-old problem of users logging on as someone else.
We believe that these threats are driving demand for two-factor authentication, with many organisations replacing insecure passwords and securing assets, while also working to comply with HIPAA, Sarbanes-Oxley, FSA and the like.
Next up are the Code of Connection (CoCo) standards, which will define the future of communications between local and central government. The regulation requires local authorities to implement rigorous security processes and ICT controls, as well as provide secure access to data through multi-factor authentication.
The CoCo deadline has been extended to 30 September. And it is apparent that councils may risk ID theft and loss of network connection to central government departments if they don't comply by this date.
While councils are looking for a quick fix, there is a lack of knowledge around the topic, which is holding them back and causing confusion.
Some say that over a quarter of local councils will fail to comply by the deadline. This is worrying, and we have had a massive number of calls seeking basic CoCo advice.
Five key areas of compliance are expected to prove the greatest challenge for councils. These are: securing remote devices; developing secure processes; managing software centrally; managing a cultural change; and maintaining ongoing compliance.
For remote devices to be CoCo-compliant they must be secure, encrypted and only get access to the network through a secure Virtual Private Network (VPN) using two-factor authentication.
The simplest way to achieve this is to provide a unified authentication platform to prohibit unauthorised access to government networks. You do not need more complicated passwords. Greater complexity invariably means users forget their passwords and need to call the IT helpdesk for a reset, or they risk disclosure by writing them down.
Two-factor authentication can be provided via a secure USB stick, mobile phone, biometrics, or a hardware or software token – whichever is easiest for the user.
Resellers can help.
Yurong Lin is chief executive officer at Deepnet