GCSx – is it really worth the hassle?
In this technological age, getting in touch with colleagues should be easy. Firstly, many people sit in the same open plan office as their colleagues, so they are able to simply turn their head and speak. Should they not be near enough to each other, a phone call to a landline or mobile will suffice. Alternatively an e-mail will do, whilst some organisations even make use of Yammer, instant messenger, or other forms of social networking. All this should mean that we should be able to talk to each other and share information across teams and partners easily, right?
At some point, a bright spark in the ICT world (or perhaps a salesman with a keen eye for a guaranteed profit) decided that e-mail wasn’t good enough for some organisations. There were obviously hordes of people intercepting e-mails willy-nilly, bleeding vital information from the public sector at a rate the ex-News of the World would have been in awe of. No, e-mail wasn’t good enough; so along came GCSx.
GCSx, for those of you yet to enjoy its company, stands for Government Connect Secure eXtranet and is effectively a system which acts exactly like e-mail. It is supposed to sync with Outlook, and is apparently a far more secure way of sending sensitive information. Two people with GCSx accounts should be able to swap information and e-mails about cute cats to their hearts’ content, safe in the knowledge that they will not have such messages intercepted.
And here is where the snag is. GCSx is now the only way to talk with many central government staff via e-mail. It is used by the NHS, by government ministers, by Whitehall departments and by the Police; therefore the only way you can e-mail these people is to have a GCSx account. All other e-mail accounts bounce right back to you as insecure, even if the information contained within them has nothing at all in the way of sensitivity.
You might be forgiven for thinking that if this is the way things need to be done, then everyone will simply replace their old e-mail with a new one, adding those magic four letters to it and enabling them to continue as normal. In actual fact, this is very far from the case. In order to receive an account each individual effectively has to be audited; passports are required and forms need to be completed, including one which says how you will pay the fee to set it up. Each costs in the region of £100, which can really add up for larger teams. The same costs and security measures will be required for other organisations as well, including the third sector.
This system also doesn’t replace your existing e-mail account; it sits alongside it. However, due to the wonders of IT it doesn’t always do so easily, enabling you to see your GCSx inbox from your normal account (added as an extra inbox) yet not enabling you to then use it to send replies. Instead this requires you to close down any e-mails you have open, log out, then log back in under your GCSx account to send your reply (remembering to copy over any contacts of course if you are composing a new e-mail, as your existing contact list remains separate) before logging back out of that account and into your normal account. It also appears, according to some reports, to remove your ability to further encrypt information being sent over it.
Stories have been shared with this blogger of staff who have had their work seriously affected by this laborious process. One person even simply stopped contacting one GCSx enabled organisation as they had no way of replying to e-mails sent to them. When so much of our work is in the form of the written word this is entirely understandable, if not perhaps the best outcome.
Data security for sensitive information is a big deal. No-one wants to know that their personal information is being sent out and badly handled, left on disks on trains or copied to spam e-mails. However, the creation of a new, arbitrary ICT system seems to be using a sledgehammer to crack a nut. The amount of information being sent via GCSx accounts which actually sits within the more serious and restricted classification bands is limited, and rightly so. Sensitive information is just that – sensitive – and by far the biggest risk to any system, no matter how secure, is human error. The less of this type of information sent around the better, thus decreasing the likelihood of mistakes being made and it going astray. Other related drives to address data security are welcome, especially if they are supported by well planned and delivered training and awareness raising.
Demanding that all public sector organisations add new and relatively expensive e-mail inboxes to officers’ accounts, then not ensuring that they work seamlessly with existing systems, simply smacks of all of the worst elements of thinking that were highlighted by the recent scathing report into government spending on major ICT projects. GCSx appears to be the equivalent of saying to homeowners that their locks and burglar alarms simply aren’t good enough; if they want to be allowed to receive guests then they need to steel plate every door and wall, replace all windows with bullet-proof glass and change the locks for encrypted safe combination tumblers.
ICT should be there to make tasks easier. e-mail is a wonderful communication tool that has revolutionised the way the world does business and broken down old walls between organisations in a way that old, paper files could never hope to do. GCSx is not just rebuilding those walls, it is doing so with reinforced steel and dog patrols.
IT could be doing more harm here than good.