IAG: Safe remote access to government resources
Public sector organisations need to provide fast, controlled and secure access to data for their increasingly mobile employees. Microsoft’s Intelligent Application Gateway (IAG) provides a solution – and extends the life of existing IT investments, too. Paul Curran finds out more.
Many factors are getting public sector organisations increasingly interested in mobile working. These include the need to reduce the expense of government estates and back-office functions; a general push to offer flexible working to employees and the imperative to deliver improved service to citizens – ideally out in the community.
The challenge in this new dispersed working regime is security. Microsoft’s Intelligent Application Gateway (IAG) is an “edge” solution that gives mobile and remote government workers access to data in central repositories or departments over the Internet without compromising security.
“Essentially, the IAG sits on the perimeter of a computer network and provides access to programs and information to people working outside the organisation, for example third party contractors and people working from home,” says Brian Dunleavy, a business manager at Eurodata Systems, a leading integrator of the Microsoft IAG solution to public sector organisations.
Dunleavy continues: “IAG enables us to provide remote access services to several government organisations. This means that, for the first time, public servants can use their organisation’s IT services from home as effectively as in their place of work. We have also seen a direct benefit through this solution in that now government organisations can offer more effective community services.”
Under the bonnet: context-sensitive access
As its name implies, the IAG’s strength lies in securely managing access to applications and resources from any connected device in the world, providing a flexible working environment with maximum information availability to today’s distributed public sector workforce.
Dunleavy says: “It does this by using the secure socket layer (SSL) of a web browser - effectively, it lets you create an encrypted link between a computer program and a device, using a web browser.”
What differentiates IAG from similar remote access technologies is the concept of context-based access. The IAG platform ties together and enforces an access policy based on who you are, where you’re coming from, and the type of application you want to access. This level of secure authorisation and access to sensitive government information is one of the key requirements of the Government Connect programme, which enables the exchange of information between central and local government. Government Connect improves the workflow of public services such as the provision of housing benefit, which is funded by the Department of Work and Pensions (DWP) and delivered to citizens by their local authority.
This “intelligent access” is formed from a series of policies which relate to an individual’s role, the device they are accessing from, and the application they want to use. These three main factors then decide which tasks within each remote application the user may interact with.
IAG also provides a framework for IT administrators to control who has access to applications and information and what they can do with it. Dunleavy argues that this is particularly useful for public sector organisations. “What a probation officer needs to see may well differ from what a social worker or housing inspector needs to see,” he says. “You can also set a policy so that, for example, a social worker can edit a document while a colleague working with him will only be able to read it.”
Administrators can even control the “look and feel” of applications. Users who have limited rights within a particular system may not see some of the functions, or may have them “greyed out”. Not only does this enforce access restrictions, but it can even make software easier for users.
Working your existing IT assets
IAG also knows what is going on inside IT systems (at an application level) and “learns” which user instructions are safe and which are not - which is why it’s called an “intelligent” application gateway. This allows IAG to work alongside a government department’s existing computer programs.
“Public service organisations are therefore able to get more value from the IT they’ve already bought,” adds Eurodata Security Consultant, Uri Arjitecter. “Government bodies are realising that they need to ‘sweat their assets’ a bit more, and IAG helps them do that. Instead of making endless changes to the applications they already have, with reliable remote access they can improve what staff can achieve.” That means a longer lifecycle, a better return on investment, and happier staff.
“You end up with a kind of mushroom effect, where the solution is initially bought for one application or department and ends up being used throughout the organisation,” says Arjitecter.
Because IAG is a fully scalable platform, you can steadily increase the number of applications it aligns with – which do not have to be from Microsoft – progressively adding new remote services.
Compliance with government IG guidelines
Any solution of this kind must, of course, comply with government guidelines on connectivity and security. Microsoft IAG has received a CCT (“Claims Tested”) mark from the Central Sponsor for Information Assurance (CSIA), a unit of the Cabinet Office set up to safeguard IT and telecommunications.
CCT is there to give purchasers confidence that vendor claims about security functionality have been validated. The Scheme is aimed primarily at those products and services which may be purchased by the wider public sector, particularly education, local authorities, NHS and criminal justice departments. IAG is the only SSL VPN solution to achieve this standard.
Products must have various security features in place to meet such standards. Dunleavy says a key one is “to prevent any residue remaining on local discs” - in other words, to ensure that no data is left behind on users’ devices.
IAG does this by “screen scraping.” No storable information is sent from inside the network to a user’s device: it cannot be “cached” (saved locally) for retrieval later. And at the end of a session, the information is “scraped” from the device that has been used to view it.
Mr Dunleavy says this is another feature of IAG that public sector organisations should find particularly reassuring. “For example, we worked with one public sector organisation that had set up a wireless network but found its staff were quite forgetful about the devices they used over it,” he says. “We set up IAG so they had access to information on their premises, but once they left the building the information was wiped. If they left their devices in their cars or in the pub, they would at least have no identifiable information on them.”
Paul Curran is a writer, journalist and commentator on business and technology. A regular contributor to IT, business and financial trade publications, he has worked with major international corporations communicating IT strategies for over 25 years.