A lack of suitable devices for mobile workers at West Berkshire Council was delivering a poor user experience, with lengthy logins and unreliable connectivity. By extending their Microsoft DirectAccess project and adding Microsoft Windows Hello, the ICT team introduced smarter ways of working. Staff can now easily connect their state-of-the-art portable devices to all necessary council services.
Improving the user experience
West Berkshire Council is responsible for approximately 1700 staff over 43 locations spread throughout West Berkshire, requiring connectivity from a vast array of additional remote locations. The main office locations are open plan flexible working, with wireless available for some groups. Remote access is mainly Citrix but some Microsoft DirectAccess (DA) and a VPN is used by councillors and in pilot for staff.
Our main issues were a poor remote user experience due to a lack of suitable choice of devices. There was also a shortage of ‘always connected’ devices for those users who needed access to email all the time, whilst others might only need to sync once a day.
A set of ambitious objectives…
We wanted to introduce a seamless authentication process to improve how staff work, and provide a much friendlier user experience. Staff should find the process intuitive, and not be burdened by the need for a physical 2FA token, or require technical knowledge to access the systems they need.
We also wanted to reduce the risk of security breaches introduced by users trying to bypass ‘clunky’ security systems (such as dropped VPN connections, and the burden of remembering numerous passwords). To that end, we wanted to extend our Microsoft DirectAccess project and add in Microsoft Windows Hello.
The Secure by Default Partnership Programme
There was just one problem; we lacked a full enough understanding of government guidance and standards to enable us to move forward with the new ways of working we’d identified, without risk to our compliance regime.
Furthermore, shrinking budgets were affecting our ability to try out options to enable smarter working.
With the help of the NCSC’s Secure by Default Partnership Programme, we started a project to identify suitable hardware options to test the alternatives of fingerprint or facial recognition authentication. At the same time, we reviewed planned configurations against guidance and standards to ensure an appropriately secure configuration of the Windows Hello authentication.
A small team of social care practitioners were ‘recruited’ to test both methods after a proof of concept had been completed.
Finally, the ICT team wanted to see a reduction in management overheads by removing older systems, and also a reduction in helpdesk tickets. This would release resources that could focus on more innovative ways of operating.
The result? Smarter ways of working
Users were delighted when their old, heavy laptops were replaced with state-of-the-art devices, designed for ‘work on the go’, and configured to connect - simply and reliably - to all the necessary council services.
The change in authentication methods worked as expected, and more importantly was quicker and more efficient. Logins and start-ups are estimated to be between and 50 and 65% quicker.
We also confirmed with the PSN compliance team that the new configuration was acceptable.
“Really quick and easy to learn.”
“Very fast, easy to use, lightweight and portable.”
Social Care Practitioners, West Berkshire Council
Despite the jump in technology versions identifying some issues with the usability of a number of council legacy applications, the pilot was a success. So much so that we’re already thinking about the next set of improvements for our mobile workforce.
For example, we’ve identified the need for enhancements to connectivity (such as support for 4G), to enable staff to connect more seamlessly whilst working remotely.
Find out more