GCSx – is it really worth the hassle?

A step too far?In this technological age, getting in touch with colleagues should be easy. Firstly, many people sit in the same open plan office as their colleagues, so they are able to simply turn their head and speak. Should they not be near enough to each other, a phone call to a landline or mobile will suffice. Alternatively an e-mail will do, whilst some organisations even make use of Yammer, instant messenger, or other forms of social networking. All this should mean that we should be able to talk to each other and share information across teams and partners easily, right?


At some point, a bright spark in the ICT world (or perhaps a salesman with a keen eye for a guaranteed profit) decided that e-mail wasn’t good enough for some organisations. There were obviously hordes of people intercepting e-mails willy-nilly, bleeding vital information from the public sector at a rate the ex-News of the World would have been in awe of. No, e-mail wasn’t good enough; so along came GCSx.

GCSx, for those of you yet to enjoy it’s company, stands for Government Connect Secure eXtranet and is effectively a system which acts exactly like e-mail. It is supposed to sync with Outlook, and is apparently a far more secure way of sending sensitive information. Two people with GCSx accounts should be able to swap information and e-mails about cute cats to their hearts content, safe in the knowledge that they will not have such message intercepted.

And here is where the snag is. GCSx is now the only way to talk with many central government staff via e-mail. It is used by the NHS, by government ministers, by Whitehall departments and by the Police; therefore the only way you can e-mail these people is to have a GCSx account. All other e-mail accounts bounce right back to you as insecure, even if the information contained within them has nothing at all in the way of sensitivity.

You might be forgiven for thinking that if this is the way things need to be done, then everyone will simplt replace their old e-mail with a new one, adding those magic four letters to it and enabling them to continue as normal. In actual fact, this is very far from the case. In order to receive an account each individual effectively has to be audited; passports are required and forms need to be completed, including one which says how you will pay the fee to set it up. Each costs in the region of £100, which can really add up for larger teams. The same costs and security measures will be required for other organisations as well, including the third sector.

This system also doesn’t replace your existing e-mail account; it sits alongside it. However, due to the wonders of IT it doesn’t always do so easily, enabling you to see your GCSx inbox from your normal account (added as an extra inbox) yet not enabling you to then use it to send replies. Instead this requires you to close down any e-mails you have open, log out, then log back in under your GCSx account to send your reply (remembering to copy over any contacts of course if you are compsing a new e-mail as your existing contact list remains separate) before logging back out of that account and into your normal account. It also appears, according to some reports, to remove your ability to further encrypt information being sent over it.

Stories have been shared with this blogger of staff who have had their work seriously affected by this laborious process. One person even simply stopped contacting one GCSx enabled organisation as they had no way of replying to e-mails sent to them. When so much of our work is in the form of the written word this is entirely understandable, if not perhaps the best outcome.

Data security for sensitive information is a big deal. No-one wants to know that their personal information is being sent out and badly handled, left on disks on trains or copied to spam e-mails. However, the creation of a new, arbitrary ICT system seems to be using a sledgehammer to crack a nut. The amount of information being sent via GCSx accounts which actually sits within the more serious and restricted classification bands is actually limited, and rightly so. Sensitive informatio is just that – sensitive – and by far the biggest risk to any system no matter how secure is human error. The less of this type of information sent around the better, thus decreasing the likelihood of mistakes being made and it going astray. Other related drives to address data security are welcome, especially if they are supported by well planned and delivered training and awareness raising.

Demanding that all public sector organisations add new and relatively expensive e-mail inboxes to officer’s accounts, then not ensuring that they work seamlessly with existing systems, simply smacks of all of the worst elements of thinking that were highlighted by the recent scathing report into government spending on major ICT projects. GCSx appears to be the equivalent of saying to homeowners that their locks and burglar alarms simply aren’t good enough; if they want to be allowed to receive guests then they need to steel plate every door and wall, replace all windows with bullet-proof glass and change the locks for encrypted safe combination tumblers.

ICT should be there to make tasks easier. e-mail is a wonderful communication tool that has revolutionised the way the world does business and broken down old walls between organisations in a way that old, paper files could never hope to do. GCSx is not just rebuilding those walls, it is doing so with reinforced steel and dog patrols.

IT could be doing more harm here than good.

Explore posts in the same categories: We love the Council

Tags: , , , , ,

You can comment below, or link to this permanent URL from your own site.

5 Comments on “GCSx – is it really worth the hassle?”

  1. […] This post was Twitted by WeLoveLocalGov […]

  2. Andrew Says:

    And of course the people we really need to communicate with by email – the public – don’t have secure email. We may be writing to them and having to refer to their ‘sensitive personal data’ – sexual orientation, illness, children’s details or others, stuff they don’t want the rest of the world to know about. And the biggest risk is not email interception, but typing the wrong address.

    My organisation recently introduced a new information security policy for sensitive data, and for a few days we either had to send encrypted emails to customers or send hard copy by special delivery at £5 a go. Cries of outrage rose to the heavens – and the Gods replied by quickly changing the definition of ‘sensitive’ to something more sensible.

    There is one organisation we deal with who use GCSx; only certain of our people can email them with the log in/out business as referred to. Luckily their physical location is not far from our office so from time to time our messengers just swap bundles of paper – much simpler.

  3. Mark Stanley Says:

    I think everyone “gets” that sensitive information should be secure. Yet laughingly sensitive information is often trusted to the power of a first class stamp and paper envelope, and usually (but not always) shoved through the right letterbox, at which point it is deemed delivered. Who actually opens the envelope is anyone’s guess.

    We all know that a determined burglar can break into your home and nick your telly. Our entire home security is set up around being a bit less of a sitting duck than your neighbours – the idea is that determined thieves are few and far between, it is the opportunists we aim to deter with our burglar alarm boxes, lights on a timeswitch, and neighours to pick up the post when we go on holiday.

    In essence we all play a numbers game. Sure your email can be intercepted by Chinese schoolchildren or that geeky pizza-loving guy in the flat upstairs, or any bogeyman of your choice. But then your printed paper documents can be intercepted by the dodgy postie or News International’s army of private eyes. However we are willing to bet that the chances are pretty slim so we’ll probably be fine. As your post suggests, we are much more likely to email the wrong person or leave a document on a seat in the pub.

    Unquestionably there are seriously sensitive bits of information that really do need to be protected.

    Salesmen must be perplexed: “Would you prefer secure or unsecure email” seems a no-brainer. Perhaps secure email is the answer to a problem we don’t care enough about? Global warming maybe? Saving for our pension in our 20s? Maybe, like Somalia it will take a massive crisis to land in our laps before anyone pays attention?

  4. Benny Says:

    2 things look at the size of the ICO fines and the large number of electronic near misses , secondly watch an internal IT Health check and be amazed how easily corporate systems can be broken.

    If you type the wrong address on gcsx it will go to someone with the required training and clearance to handle sensitive data.

  5. mc Says:

    how much time and money is wasted with the ludicrous number of password changes required by LA employees owing to some Central Government edict

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: