Tandridge District Council secure flexible working with MFA

Tandridge is a local government district in Surrey, England containing part of the North Downs Area of Outstanding Natural Beauty and encompasses the towns of Warlingham, Caterham, Oxted, Godstone and Lingfield. It is now able to offer its 180 employees remote access to its systems and applications, safe in the knowledge that it has secured access to its networks.

Introducing a flexible working policy     

As a busy local council, providing services to its 83,000 citizens, Tandridge Council had long wanted to take advantage of remote working for its 180 employees, to improve workforce productivity. But concerns about security vulnerabilities in a flexible working environment made the council reticent about implementing such a policy.

However, a piece of UK public sector legislation stipulates that for any local government system interfacing with central government systems, dual factor authentication is needed for log in. In the case of Tandridge, its revenue systems (which deal with council tax, etc.) interface with the Department of Work and Pensions systems. Government Connect also sends in external auditors once a year to verify these systems meet standards.

Improved authentication meant the council would be able to provide a more secure environment for remote working. So in 2014, the council introduced a flexible working policy, which allowed everyone to work at home for a day a week.

As Matt Mitchell, IT Manager explains, “We wanted employees to have easy access to our systems from home or when they were travelling. Prior to this, there was no flexible working policy in place, so our remote working set up was very rudimentary and we had no authentication system. Naturally we were concerned about the security of our systems should we open up access and Government Connect accelerated the need to examine an authentication tool.”

How MFA helped lock down tandridge’s systems

Tandridge Council wanted to secure its remote working network, to enable employees to work at home and minimise any security concerns. The council introduced a workstation set up for remote working – Microsoft Hyper-V virtualization, delivered by Citrix – and researched authentication solutions, which would help it secure access.

Compared to two-factor authentication, Tandridge preferred multi-factor authentication (MFA) due to the additional layer of security it adds by using multiple variables to authenticate users. Employees now access Tandridge’s systems via a portal where they log in with the passcode delivered by Censornet MFA, which is a platform agnostic system.

The implementation was seamless and took just a matter of days.

The benefits Tandridge has seen…

Given the nature of Tandridge’s work and the fact that it deals with sensitive citizen data, system protection was paramount. It also meant the council could have peace of mind in complying with the regulatory requirement to protect access to central government systems, an area vulnerable to hacking, particularly from a remote access point of view.

Censornet’s Multi-Factor Authentication solution has also proven to be very economically beneficial. As Matt says, “It was so cost effective compared to other solutions, particularly token-based authentication. It was about half the cost of token solutions.”

It’s also very user friendly. Whereas employees can easily lose tokens, having authentication on their phones means we don’t have to worry about replacing lost tokens or other devices. The tokenless solution has also been beneficial in other ways. Matt says, “It also meant that we could scale the solution alongside take up of remote working, as opposed to buying 150 tokens and only half of them might be used. We just bought licenses incrementally.”