"This means that local public services organisations will not incur any significant additional costs or burdens..." mean that we can have RDP or similiar allowed again?
Mickey mouse operation if you ask me
The Cabinet Office has reached an agreement with local government organisations about security standards for connection to its GCSx network. The Society of IT Management (Socitm), which helped negotiate the terms, said that the agreement included cost reductions in connecting to the Government Secure Extranet (GCSx). It also …
Why in the name of god would anybody consult local government (or national government for that matter) about security?
Actually I can't think of a suitable simile without stealing from Blackadder.
This will probably alienate some public sector workers but they are either
1: the exception to the rule
2: simply don't know that they're crap
GSI wasn't set up as one massive silo - actually, no decently designed intranet ever is.
At most you could see it as a backdoor to the interdepartmental traffic if the connecting firewalls allow access to that traffic (which they shouldn't, but that's another issue), but to get into a department you'd have to get past their own GSI interconnect firewalls - they don't exactly trust each other either, so any GSI connection is firewalled in itself.
This means that you could get at most to a departmental DMZ, which is indeed what should happen.
I'm personally more astonished that it has taken either government or GSI contractor (is it still C&W?) more than 10 years to implement something that was actually part of the original growth plan for GSI. Given the cost savings this could have brought over the years that borders on scandalous.
It simply means that Central Government have recognised that Local Government do not deal in state secrets and that a one size fits all security policy across all levels and departments is not sensible.
From the wording it appears that this has been done on the basis of cost but it should also be seen as the way ahead on the basis of data security - imposing draconian security measures where they are not appropriate does nothing other than encourage that most serious of security holes - the undocumented, unapproved work-around,
... becuase if you don't, you can't hook up to the DWP for figures. They don't dish them out any other way any more. There isn't really an option for local governments to NOT comply.
As for keeping costs low, that presumably references cutting staff wages, which is where a good portion of the implementation costs are.