2015년 2월 22일 일요일

Security & work productivity improvement with Cloud storage based network separation

Security & work productivity improvement with

Cloud storage based network separation



Realization of network separation environment with NetID ‘ClouDoc’…

Enhanced work efficiency by supporting Smartwork

(Written by : Reporter Seon Ae Kim / Photo: Reporter Goo Ryong Kim)
Incheon Metropolitan City Office of Education
















Incheon Metropolitan City Office of Education introduced network separation environment as one of the ways of supporting safe, happy schools. That is to establish safe education environment by protecting student personal information and important information from intellectual cyber attack. Especially Incheon Metropolitan City Office of Education could enhance user convenience and security strengthening effect through white list based internet interruption policy.


Review on logical network separation for student personal information

Incheon Metropolitan City Office of Education needed a method to manage their work systematically and prevent information leakage as outsourced personnel were changing frequently. They had reviewed physical network separation to manage outsourced personnel PC. But they decided to construct logical network separation in need of protection for student personal information and internal information about education and administration stored in PC or the system.



After reviewing physical network separation and SBC-BCB type logical network separation technologies, Incheon Metropolitan City Office of Education concluded that logical network separation was suitable to the environment of the Office of Education. Afterwards, although we reviewed the logical network separation solution from various angles, we could not find a solution suitable to the requirements of the Incheon Office of Education.

Inchon Office of Education wanted network separation environment adopting a Cloud storage concept. They desired to realize the environment to access information safely for work execution at the outside as well as to protect important information from hacking. Necessary was a method to store data in the central storage and to connect with the internet when accessing the data.


Application of white list based internet interruption policy



Incheon Office of Education searched for the system optimized for the Office of Education work with the assembly of Electronic Document Management System (ECM), Document Centralization, and Desk Top Virtualization (VDI). As the Incheon Office of Education had already been equipped with work management system and electronic payment system, they mainly reviewed the products enabling to realize white list based internet contact permission/interruption policy.

As ECM or document centralization products supplied in the country had no internet network separation function, and VDI was to separate internet and work network using a virtual PC, they did not match with their demand to permit internet connection only when necessary. It was likely that a CBC type network separation solution took considerable time to convert to work network and internet network in the actual work environment and caused delay of work productivity.
Incheon Office of Education decided that ‘NetworkLock’ function provided by NetID ‘ClouDoc’ could meet all network separation requirements. NetworkLock is normally away from internet connection and waiting for work network connection. When contacting the internet site permitted by the manager, NetworkLock functions to connect to the internet.


Officer Kyo Kwon Jin made clear that, “NetworkLock function was a core function to help realized optimized network separation environment for Incheon Office of Education, requiring collaboration through internet connection with specific government organizations related. While we maintained almost similar environment to existing work using a ClouDoc NetworkLock function, we could accomplish network separation reformation.”

 

Supports Smartwork environment as well as security

 
Incheon Office of Education substantially obtained the effect of network separation during reorganization after the inauguration of new superintendent of education. As important information was stored in individual staff’s PCs in the existing environment and such information was not managed properly, reorganization would have required considerable time and efforts to rearrange information management system. However, as all important information was stored in the central server under the network separation project, when access policy of authority to approach the relevant information was changed, we could proceed with our work safely and conveniently even in the renewed organization environment.

 
Also, as we did not need to deliver data by email or USB, and the information accessible within authority could be approached whenever and wherever, collaboration with external organizations or work outside of the Office of Education could be done easily. Further, even in case of faulty PCs in use, as we can work at another PC without PC backup, it is also advantageous to ensure work continuity.

 
Officer Kyo Kwon Jin explained that, “AS network separation has proceeded based on Cloud storage, and we could access necessary information whenever and wherever only with our own accounts, we could realize Smartwork environment. As an auditor or school inspector, who goes on frequent business trip to educational institutions, can do his task for himself at a school site, and he can finish his task with reduction in travel time, productivity and job satisfaction have increased.”
 
“Incheon Office of Education killed two rabbits-productivity and security-with the environment optimized network separation.”

 

Why did they proceed with the network separation project?

They needed a method to protect student personal information stored at the Incheon Office of Education. Besides, systematic management and protection method for important administration documents, which should not be released to outside illegally, were required. In the meantime, another necessity was to protect intranet mode from outsourced personnel stationed inside the Office of Education for IT system development, maintenance and repair.
 

How to make up Cloud storage based network separation environment.

 
Important information necessary for work was stored at the secure, safe central storage, and, according to authority access control policy, authorized person only could contact the information to proceed with the work. Basic work had to be done only in work network and normally internet contact was interrupted. When applicable information has to be transmitted to an outside organization, internet contact was possible only to the site where white list based security policy has already been permitted.
 
 

What is the effect of ClouDoc installation?

 
As user inconvenience increases under general network separation environments, field claims tend to congest. As network separation using ClouDoc allowed work process under the environment almost same as the existing work and internet contact was made rapidly, security was reinforced without affecting productivity. As it provides network separation environment based on Cloud storage, it is also effective in realizing Smartwork. As you can access your desired information using any PC anytime and anywhere and also an audit or superintendent of school with a lot of external business can immediately work outside, job satisfaction goes up.