Government is simply everywhere in our daily lives. Public services like education, justice and healthcare are – for at least part of it – a government responsibility in most countries. The way residents and public service organizations communicate with each other at the same time faces significant changes. Public services are transforming from large-scale, standardized solutions towards services that are intelligent, interactive and focusing on individual needs. The standard communication between a government and its residents will become more and more an online via internet or even social media. What remains is a smaller number of specialized civil servants with more and bigger responsibilities. They will be in contact with citizens for the more complex arrangements.
Also, the government is in transition from a monolithic full service provider to a coordinator that predominately acts as a broker between public, semi-public and private organizations, which together offer services to residents. So, for complex arrangements, the civil servant is really the spider in the web.
Let’s give an example. Nowadays, the procedure to get a simple permit has for many public authorities become an automated process that is completely handled online and for which no or limited human interaction is required. But organizing the daily life for a disabled person who needs a complex combination of care, housing and guidance, often has become the responsibility of a single case officer who is in close contact with the resident, family and all other parties involved in the day-to-day care for this specific person. So, one civil servant is responsible for managing this very complex situation. He or she has access to all relevant and often very sensitive information about this person and since the situation is complex and not-standard by default, a telephone is the essential business tool.
Telephony security in the public sector
Given this example, we are surprised that within government bodies the security of IT databases and applications is extremely important, while security of the telephone infrastructure often seems to have a much lower priority. Many government organizations use for example so-called Extension Mobility or Hoteling functionality, which makes it possible for staff to work from any desk in the building, using their own telephone extensions and features. Since the login procedure for these VoIP telephones is typically very cumbersome, many people log in once and never log out as long as they use the same desk. Sometimes for days, but also for weeks or even months.
The impact may be very serious, like unauthorized access to personal data of citizens, or access to voicemails or conference calls in which personal information about these citizens is shared. But there is also the risk of illegal calls from a government extension number by someone who claims to speak on behalf of the government. Taking into account that the data protection regulation will become very binding the coming years and that specifically public organizations are expected to maintain the highest privacy standards, this certainly is a high risk area.
VoIP Single Sign-On solution for public organisations
Knowing this, it is not that strange that since its first release in 2005, the RSconnect Active Login Manager is being used by many governments and public service organizations to simplify the use of IP telephony and at the same time protect their VoIP and Unified Communications infrastructures against unauthorized access.