Microsoft UK Public Sector - Efficiency - Globally secure HR access for the Ministry of Defence

Few organisations take remote working to such extremes as the Ministry of Defence. For the Ministry and its staff, “remote” can mean far-flung, inhospitable, and technically under-resourced. Kim Thomas finds that none of this stands in the way of staff submitting their expenses claims- thanks to Microsoft technologies.

Most organisations struggle with the challenges of remote working, but for the Ministry of Defence (MoD) it was a particularly tough proposition. It has 320,000 employees, both civilians and military, and some of them work in locations that are truly remote. Furthermore, because of the nature of the organisation, any access its employees have to central systems has to be 100 percent secure.

For employees who work in the UK, inside the MoD’s firewall, this isn’t a problem. But until recently, 10,000 “orphan” employees – many working abroad, others seconded to different government departments – had no way of gaining secure access to internal systems. A few years ago, the MoD improved the efficiency of its HR processes by introducing an electronic self-service system that enabled employees to carry out activities such as claiming expenses or putting in holiday requests online. The “orphan” employees, however, had to continue with paper processes because they were operating outside the MoD’s secure electronic boundaries.

Extra staff had to be employed in the HR function so the paper processes could run alongside electronic ones. These processes were immensely inefficient and time-consuming, says David Longhurst, an adviser to the chief information officer at the MoD: “Even processing an expenses claim could sometimes take weeks. In other instances, soldiers in the field or reservists on training might have to queue to use a single computer.”

Mindful of the damage this caused to morale, as well as the cost in time and productivity, the MoD decided to provide its “orphan” workers with access to the same systems its UK office-based workers were using, and it turned to Microsoft and Microsoft Certified Gold partner Capgemini to develop a solution.

It was a hefty task, says St John Williams, head of defence for Microsoft UK, because it entailed “making sure that the individual sitting at the one end of the screen is who they say they are, combined with the ability to get secure access to information over the Internet, and then making sure that the information that’s passed back can’t be intercepted en route and viewed by anybody who shouldn’t see it.”

A further requirement was to keep costs down, and that meant using commercial off-the-shelf technology. Users had to be able to access the HR systems without any change to the MoD’s line-of-business applications.

Known as the Internet Access Shared Services (IASS) project, the solution the partners developed brought together several Microsoft technologies – Intelligent Application Gateway, Active Directory Federation Services and Microsoft Internet Security and Acceleration Server – to create a secure network that would allow remote workers to access multiple HR applications.

To make sure that only valid users of the system were allowed to log on, Microsoft Consulting Services worked with Avaleris (identity management consultancy) and Gemalto (digital security specialists) to provide secure identity management, in the form of smart cards integrated with Microsoft Identity Lifecycle Manager. The Government Gateway – an online portal developed by the Cabinet Office and Department of Work and Pensions to enable citizens to carry out secure transactions with government – was adopted as a way of authenticating users.

It was a complex solution to develop, but – crucially - a simple one to use. Each remote employee carries a single ‘Chip & PIN’ smartcard, which allows them access both to their office building and to the applications they need to use. The solution uses federated services, which means that once a user has logged into the Government Gateway and been authenticated, they can gain access to several applications.

“Our people insert their Chip and PIN card into a portable standalone smartcard reader,” explains Longhurst. “The reader displays a dynamic password generated by the card chip. The password is valid for a single session when accessing the HR service via a Web portal. With this service, civilian and military staff can access numerous HR services anytime from anywhere.”

And it doesn’t matter where they are logging in from – access is completely secure. “This is all about enabling somebody to access a corporate application, sitting on a server behind the firewall in a safe, secure position, from an Internet access device. That could be a member of the RAF sitting on a US airforce base, right the way through to an Internet café in Mumbai,” says Williams.

The project went live in October 2008, and the MoD is expected to achieve a return on investment within a matter of months. Over the next 10 years, the saving will run to several million pounds. Not only has the need to run paper processes in conjunction with electronic ones been eliminated, the department is finding other savings as, for example, employees find the cheapest flights and train journeys by booking in advance online.

Now that the secure solution is in place, there are exciting opportunities to expand the range of applications available, says Chris Jordan, enterprise strategy consultant at Microsoft: “Whether it’s a soldier in Afghanistan or a schoolteacher in Germany or somebody in the middle of Washington, there are many people who suddenly realise that capabilities now exist that were unthinkable about a year ago.”

The MoD schoolteachers in Germany, for example, have traditionally not had access to the MoD’s secure networks, says Jordan: “They haven’t been able to have any form of IT support for their role, but with these systems it all becomes possible, whether it’s simple email, more complex application support, or educational systems.”

Similarly, says Williams, forces personnel may soon be able to take advantage of the fact that the MoD is now a Microsoft IT Academy: “By using secure internet access you can tunnel back into the UK, and get access to all the education and training materials that have been made available from the IT academy programme.”

The beauty of the solution is that its use can be extended to MoD employees who want to work out of the office, or veterans who have left the MoD but may want to look at their pensions. Crucially, says Williams, it can be easily adapted for use by other government organisations: “You’ve got the opportunity for vast swathes of government departments to pursue their green agenda of working from home.”

As more people work from home, he adds, the MoD and other government organisations using the solution will be able to reduce their requirement for office space, and thus slash the cost of running buildings. Says Williams: “It opens up two sets of doors: one, working away from the office in the manner you’re used to, and two, allowing people who have never had the ability to use these facilities before to have them.”

• Microsoft Consulting Services
• Cap Gemini
• Microsoft Intelligent Application Gateway
• Microsoft Active Directory Federation Services
• Microsoft Internet Security and Acceleration Server

Kim Thomas is a freelance journalist, who specialises in writing about technology, business and education. Her clients include the Financial Times, the Economist Intelligence Unit and The Guardian as well as a number of B2B publications.