Is GCSx compliance an opportunity, or a tick in the box?

Man with hands underneath laptop, phone and tablet transferring data

The UK has a large-scale intranet in place to connect all central government bodies, local government authorities and other public sector organisations, called the Government Secure Intranet, or GSI. Connecting into this network is done via the Government Connect Secure Extranet (GCSx). GCSx is a nationwide standard which enables secure interactions between local government authorities and other organisations, ensuring that all participants have the right security framework and policies in place.

Originally launched in 2007, the Government Connect Secure Extranet (GCSx) Code of Connection (CoCo) is a list of security controls that all local government organisations must be compliant with before they are given access to the national IT network infrastructure. Once compliant, councils and their staff are authorised to access the Government Secure Extranet, including networks such as the Police National Network, Criminal Justice Extranet and the National Health Service.

The overall aim for this network of connections is to improve the speed at which information can be passed between local authorities, central government and other public sector organisations while keeping the whole network secure. Examples of where this network will be used include public safety, social security and health care provision, as these rely on a number of different public sector organisations collaborating to provide the service to individual citizens.

The original plans were for all councils to be live on the network by March this year, but the volume of local authorities that have not yet signed up as compliant means that the final date for compliance has been put back to September 2009. The delay in the process presents a potential opportunity for security providers to help those councils that are not yet compliant get up to speed.

GCSx can also provide a new impetus for those councils that have already gone through the compliance activity to look again at their IT security requirements and the existing products that are in place. The key question that should be asked is not just “Am I compliant?”, but “Am I implementing technology that delivers higher levels of performance for users and the best possible value for the wider community?”

Looking again at the themes of performance and value can provide an opportunity for selling new IT solutions. When local authorities come to look at license renewals around their antivirus and other security technologies, this can act as a spur to investment, as GCSx CoCo compliance gives a compelling reason for councils to re-evaluate their security solutions.

One key differentiator for channel providers to increase replacement sales and renewal opportunities is the ability to demonstrate greater value back to customers by delivering better security products at a lower price-point. The antivirus market is a particularly good example: evaluating the incumbent AV provider against other offerings can drive down cost for the customer, but it is also an opportunity for new sales with a superior replacement offering. With stronger margin opportunities in replacement sales compared to license renewals, this provides both the partner and the customer with a ‘win-win’ situation.

Issues such as performance and support are also reasons for councils to evaluate their security solutions. Most end-users complain about the impact on system performance that endpoint security has on their work activities, so solutions that minimize this can provide a compelling return on investment: an increase in productivity, reduction in IT help desk support tickets, and lower maintenance and renewal costs. Newer security solutions can consolidate various functions in one place, providing an opportunity to reduce the number of systems that have to be supported in the future as well.

In the current economic climate, the public sector remains a strong market at present; similarly, the security sector has retained its budgets when other projects are being cut back. However, the impetus to invest in new solutions has to overcome significant resistance: being able to save money is therefore a key requirement when it comes to renewals.

With the standards established around GCSx, CoCo provides a thorough list of best practices for IT security, which all councils should already have in place. However, GCSx CoCo can also be more than a ‘tick in the box’ opportunity for resellers. The delay can actually lead to greater opportunities with forward-thinking councils, providing opportunities to meet their future requirements rather than just sticking with the current set-up.