Security & work productivity
improvement with
Cloud storage based network separation
Realization of network separation
environment with NetID ‘ClouDoc’…
Enhanced work efficiency by supporting
Smartwork
(Written by : Reporter Seon Ae Kim / Photo: Reporter Goo Ryong Kim)
 |
| Incheon Metropolitan City Office of Education |
Incheon
Metropolitan City Office of Education introduced network separation environment
as one of the ways of supporting safe, happy schools. That is to establish safe
education environment by protecting student personal information and important
information from intellectual cyber attack. Especially Incheon Metropolitan
City Office of Education could enhance user convenience and security strengthening
effect through white list based internet interruption policy.
Review on logical network separation
for student personal information
Incheon
Metropolitan City Office of Education needed a method to manage their work
systematically and prevent information leakage as outsourced personnel were
changing frequently. They had reviewed physical network separation to manage
outsourced personnel PC. But they decided to construct logical network
separation in need of protection for student personal information and internal
information about education and administration stored in PC or the system.
After
reviewing physical network separation and SBC-BCB type logical network
separation technologies, Incheon Metropolitan City Office of Education
concluded that logical network separation was suitable to the environment of
the Office of Education. Afterwards, although we reviewed the logical network
separation solution from various angles, we could not find a solution suitable
to the requirements of the Incheon Office of Education.
Inchon
Office of Education wanted network separation environment adopting a Cloud
storage concept. They desired to realize the environment to access information
safely for work execution at the outside as well as to protect important
information from hacking. Necessary was a method to store data in the central
storage and to connect with the internet when accessing the data.
Application of white list based
internet interruption policy
Incheon
Office of Education searched for the system optimized for the Office of
Education work with the assembly of Electronic Document Management System
(ECM), Document Centralization, and Desk Top Virtualization (VDI). As the
Incheon Office of Education had already been equipped with work management
system and electronic payment system, they mainly reviewed the products
enabling to realize white list based internet contact permission/interruption
policy.
As
ECM or document centralization products supplied in the country had no internet
network separation function, and VDI was to separate internet and work network
using a virtual PC, they did not match with their demand to permit internet
connection only when necessary. It was likely that a CBC type network
separation solution took considerable time to convert to work network and
internet network in the actual work environment and caused delay of work
productivity.
Incheon
Office of Education decided that ‘NetworkLock’ function provided by NetID ‘ClouDoc’
could meet all network separation requirements. NetworkLock is normally away
from internet connection and waiting for work network connection. When
contacting the internet site permitted by the manager, NetworkLock functions to
connect to the internet.
Officer
Kyo Kwon Jin made clear that, “NetworkLock function was a core function to help
realized optimized network separation environment for Incheon Office of
Education, requiring collaboration through internet connection with specific government
organizations related. While we maintained almost similar environment to
existing work using a ClouDoc NetworkLock function, we could accomplish network
separation reformation.”
Supports Smartwork environment as
well as security
Incheon
Office of Education substantially obtained the effect of network separation
during reorganization after the inauguration of new superintendent of
education. As important information was stored in individual staff’s PCs in the
existing environment and such information was not managed properly,
reorganization would have required considerable time and efforts to rearrange
information management system. However, as all important information was stored
in the central server under the network separation project, when access policy of
authority to approach the relevant information was changed, we could proceed
with our work safely and conveniently even in the renewed organization
environment.
Also,
as we did not need to deliver data by email or USB, and the information
accessible within authority could be approached whenever and wherever,
collaboration with external organizations or work outside of the Office of
Education could be done easily. Further, even in case of faulty PCs in use, as we
can work at another PC without PC backup, it is also advantageous to ensure
work continuity.
Officer Kyo Kwon Jin explained that, “AS network separation has proceeded based on
Cloud storage, and we could access necessary information whenever and wherever
only with our own accounts, we could realize Smartwork environment. As an
auditor or school inspector, who goes on frequent business trip to educational
institutions, can do his task for himself at a school site, and he can finish
his task with reduction in travel time, productivity and job satisfaction have
increased.”
“Incheon Office of Education
killed two rabbits-productivity and security-with the environment optimized
network separation.”
Why did they proceed with the network
separation project?
They
needed a method to protect student personal information stored at the Incheon
Office of Education. Besides, systematic management and protection method for
important administration documents, which should not be released to outside
illegally, were required. In the meantime, another necessity was to protect
intranet mode from outsourced personnel stationed inside the Office of
Education for IT system development, maintenance and repair.
How to make up Cloud storage based network
separation environment.
Important
information necessary for work was stored at the secure, safe central storage,
and, according to authority access control policy, authorized person only could
contact the information to proceed with the work. Basic work had to be done
only in work network and normally internet contact was interrupted. When
applicable information has to be transmitted to an outside organization,
internet contact was possible only to the site where white list based security
policy has already been permitted.
What is the effect of ClouDoc
installation?
As
user inconvenience increases under general network separation environments,
field claims tend to congest. As network separation using ClouDoc allowed work
process under the environment almost same as the existing work and internet
contact was made rapidly, security was reinforced without affecting
productivity. As it provides network separation environment based on Cloud
storage, it is also effective in realizing Smartwork. As you can access your
desired information using any PC anytime and anywhere and also an audit or
superintendent of school with a lot of external business can immediately work
outside, job satisfaction goes up.
%EC%A0%9C%ED%92%88%EB%A1%9C%EA%B3%A0_ClouDoc.jpg)
